1 // Copyright (C) 2017 The Android Open Source Project 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 #define DEBUG false 15 #include "Log.h" 16 17 #include "FdBuffer.h" 18 #include "PrivacyFilter.h" 19 20 #include <android-base/file.h> 21 #include <android-base/test_utils.h> 22 #include <android/os/IncidentReportArgs.h> 23 #include <gmock/gmock.h> 24 #include <gtest/gtest.h> 25 #include <string.h> 26 27 using namespace android; 28 using namespace android::base; 29 using namespace android::os; 30 using namespace android::os::incidentd; 31 using ::testing::StrEq; 32 using ::testing::Test; 33 using ::testing::internal::CaptureStdout; 34 using ::testing::internal::GetCapturedStdout; 35 36 const uint8_t OTHER_TYPE = 1; 37 const uint8_t STRING_TYPE = 9; 38 const uint8_t MESSAGE_TYPE = 11; 39 const std::string STRING_FIELD_0 = "\x02\viamtestdata"; 40 const std::string VARINT_FIELD_1 = "\x08\x96\x01"; // 150 41 const std::string STRING_FIELD_2 = "\x12\vandroidwins"; 42 const std::string FIX64_FIELD_3 = "\x19\xff\xff\xff\xff\xff\xff\xff\xff"; // -1 43 const std::string FIX32_FIELD_4 = "\x25\xff\xff\xff\xff"; // -1 44 const std::string MESSAGE_FIELD_5 = "\x2a\x10" + VARINT_FIELD_1 + STRING_FIELD_2; 45 const std::string NEGATIVE_VARINT_FIELD_6 = "\x30\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01"; // -1 46 47 #if 0 48 class PrivacyFilterTest : public Test { 49 public: 50 virtual ~PrivacyFilterTest() { 51 // Delete in reverse order of construction, to be consistent with 52 // regular allocation/deallocation. 53 while (!privacies.empty()) { 54 delete privacies.back(); 55 privacies.pop_back(); 56 } 57 } 58 59 virtual void SetUp() override { ASSERT_NE(tf.fd, -1); } 60 61 void writeToFdBuffer(std::string str) { 62 ASSERT_TRUE(WriteStringToFile(str, tf.path)); 63 ASSERT_EQ(NO_ERROR, buffer.read(tf.fd, 10000)); 64 ASSERT_EQ(str.size(), buffer.size()); 65 } 66 67 void assertBuffer(PrivacyFilter& buf, std::string expected) { 68 ASSERT_EQ(buf.size(), expected.size()); 69 CaptureStdout(); 70 ASSERT_EQ(buf.flush(STDOUT_FILENO), NO_ERROR); 71 ASSERT_THAT(GetCapturedStdout(), StrEq(expected)); 72 } 73 74 void assertStrip(uint8_t privacyPolicy, std::string expected, Privacy* policy) { 75 PrivacySpec spec = PrivacySpec::new_spec(privacyPolicy); 76 EncodedBuffer::iterator bufData = buffer.data(); 77 PrivacyFilter filter(policy, bufData); 78 ASSERT_EQ(filter.strip(spec), NO_ERROR); 79 assertBuffer(filter, expected); 80 } 81 82 void assertStripByFields(uint8_t privacyPolicy, std::string expected, int size, 83 Privacy* privacy, ...) { 84 Privacy* list[size + 1]; 85 list[0] = privacy; 86 va_list args; 87 va_start(args, privacy); 88 for (int i = 1; i < size; i++) { 89 Privacy* p = va_arg(args, Privacy*); 90 list[i] = pPrivacyFilter 91 } 92 va_end(args); 93 list[size] = NULL; 94 assertStrip(privacyPolicy, expected, create_message_privacy(300, list)); 95 } 96 97 Privacy* create_privacy(uint32_t field_id, uint8_t type, uint8_t privacyPolicy) { 98 Privacy* p = new_uninit_privacy(); 99 p->field_id = field_id; 100 p->type = type; 101 p->children = NULL; 102 p->policy = privacyPolicy; 103 p->patterns = NULL; 104 return p; 105 } 106 107 Privacy* create_message_privacy(uint32_t field_id, Privacy** children) { 108 Privacy* p = new_uninit_privacy(); 109 p->field_id = field_id; 110 p->type = MESSAGE_TYPE; 111 p->children = children; 112 p->policy = PRIVACY_POLICY_UNSET; 113 p->patterns = NULL; 114 return p; 115 } 116 117 FdBuffer buffer; 118 119 private: 120 TemporaryFile tf; 121 // Littering this code with unique_ptr (or similar) is ugly, so we just 122 // mass-free everything after the test completes. 123 std::vector<Privacy*> privacies; 124 125 Privacy* new_uninit_privacy() { 126 Privacy* p = new Privacy; 127 privacies.push_back(p); 128 return p; 129 } 130 }; 131 132 TEST_F(PrivacyFilterTest, NullPolicy) { 133 writeToFdBuffer(STRING_FIELD_0); 134 assertStrip(PRIVACY_POLICY_EXPLICIT, STRING_FIELD_0, NULL); 135 } 136 137 TEST_F(PrivacyFilterTest, StripUnsetField) { 138 writeToFdBuffer(STRING_FIELD_0); 139 assertStripByFields(PRIVACY_POLICY_AUTOMATIC, "", 1, 140 create_privacy(0, STRING_TYPE, PRIVACY_POLICY_UNSET)); 141 } 142 143 TEST_F(PrivacyFilterTest, StripVarintField) { 144 writeToFdBuffer(VARINT_FIELD_1); 145 assertStripByFields(PRIVACY_POLICY_EXPLICIT, "", 1, 146 create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL)); 147 } 148 149 TEST_F(PrivacyFilterTest, StripLengthDelimitedField_String) { 150 writeToFdBuffer(STRING_FIELD_2); 151 assertStripByFields(PRIVACY_POLICY_EXPLICIT, "", 1, 152 create_privacy(2, STRING_TYPE, PRIVACY_POLICY_LOCAL)); 153 } 154 155 TEST_F(PrivacyFilterTest, StripFixed64Field) { 156 writeToFdBuffer(FIX64_FIELD_3); 157 assertStripByFields(PRIVACY_POLICY_EXPLICIT, "", 1, 158 create_privacy(3, OTHER_TYPE, PRIVACY_POLICY_LOCAL)); 159 } 160 161 TEST_F(PrivacyFilterTest, StripFixed32Field) { 162 writeToFdBuffer(FIX32_FIELD_4); 163 assertStripByFields(PRIVACY_POLICY_EXPLICIT, "", 1, 164 create_privacy(4, OTHER_TYPE, PRIVACY_POLICY_LOCAL)); 165 } 166 167 TEST_F(PrivacyFilterTest, StripLengthDelimitedField_Message) { 168 writeToFdBuffer(MESSAGE_FIELD_5); 169 assertStripByFields(PRIVACY_POLICY_EXPLICIT, "", 1, 170 create_privacy(5, MESSAGE_TYPE, PRIVACY_POLICY_LOCAL)); 171 } 172 173 TEST_F(PrivacyFilterTest, StripNegativeVarint) { 174 writeToFdBuffer(NEGATIVE_VARINT_FIELD_6); 175 assertStripByFields(PRIVACY_POLICY_EXPLICIT, "", 1, 176 create_privacy(6, OTHER_TYPE, PRIVACY_POLICY_LOCAL)); 177 } 178 179 TEST_F(PrivacyFilterTest, NoStripVarintField) { 180 writeToFdBuffer(VARINT_FIELD_1); 181 assertStripByFields(PRIVACY_POLICY_EXPLICIT, VARINT_FIELD_1, 1, 182 create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_AUTOMATIC)); 183 } 184 185 TEST_F(PrivacyFilterTest, NoStripLengthDelimitedField_String) { 186 writeToFdBuffer(STRING_FIELD_2); 187 assertStripByFields(PRIVACY_POLICY_EXPLICIT, STRING_FIELD_2, 1, 188 create_privacy(2, STRING_TYPE, PRIVACY_POLICY_AUTOMATIC)); 189 } 190 191 TEST_F(PrivacyFilterTest, NoStripFixed64Field) { 192 writeToFdBuffer(FIX64_FIELD_3); 193 assertStripByFields(PRIVACY_POLICY_EXPLICIT, FIX64_FIELD_3, 1, 194 create_privacy(3, OTHER_TYPE, PRIVACY_POLICY_AUTOMATIC)); 195 } 196 197 TEST_F(PrivacyFilterTest, NoStripFixed32Field) { 198 writeToFdBuffer(FIX32_FIELD_4); 199 assertStripByFields(PRIVACY_POLICY_EXPLICIT, FIX32_FIELD_4, 1, 200 create_privacy(4, OTHER_TYPE, PRIVACY_POLICY_AUTOMATIC)); 201 } 202 203 TEST_F(PrivacyFilterTest, NoStripLengthDelimitedField_Message) { 204 writeToFdBuffer(MESSAGE_FIELD_5); 205 assertStripByFields(PRIVACY_POLICY_EXPLICIT, MESSAGE_FIELD_5, 1, 206 create_privacy(5, MESSAGE_TYPE, PRIVACY_POLICY_AUTOMATIC)); 207 } 208 209 TEST_F(PrivacyFilterTest, NoStripNegativeVarintField) { 210 writeToFdBuffer(NEGATIVE_VARINT_FIELD_6); 211 assertStripByFields(PRIVACY_POLICY_EXPLICIT, NEGATIVE_VARINT_FIELD_6, 1, 212 create_privacy(6, OTHER_TYPE, PRIVACY_POLICY_AUTOMATIC)); 213 } 214 215 TEST_F(PrivacyFilterTest, StripVarintAndString) { 216 writeToFdBuffer(STRING_FIELD_0 + VARINT_FIELD_1 + STRING_FIELD_2 + FIX64_FIELD_3 + 217 FIX32_FIELD_4); 218 std::string expected = STRING_FIELD_0 + FIX64_FIELD_3 + FIX32_FIELD_4; 219 assertStripByFields(PRIVACY_POLICY_EXPLICIT, expected, 2, 220 create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), 221 create_privacy(2, STRING_TYPE, PRIVACY_POLICY_LOCAL)); 222 } 223 224 TEST_F(PrivacyFilterTest, StripVarintAndFixed64) { 225 writeToFdBuffer(STRING_FIELD_0 + VARINT_FIELD_1 + STRING_FIELD_2 + FIX64_FIELD_3 + 226 FIX32_FIELD_4); 227 std::string expected = STRING_FIELD_0 + STRING_FIELD_2 + FIX32_FIELD_4; 228 assertStripByFields(PRIVACY_POLICY_EXPLICIT, expected, 2, 229 create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), 230 create_privacy(3, OTHER_TYPE, PRIVACY_POLICY_LOCAL)); 231 } 232 233 TEST_F(PrivacyFilterTest, StripVarintInNestedMessage) { 234 writeToFdBuffer(STRING_FIELD_0 + MESSAGE_FIELD_5); 235 Privacy* list[] = {create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), NULL}; 236 std::string expected = STRING_FIELD_0 + "\x2a\xd" + STRING_FIELD_2; 237 assertStripByFields(PRIVACY_POLICY_EXPLICIT, expected, 1, create_message_privacy(5, list)); 238 } 239 240 TEST_F(PrivacyFilterTest, StripFix64AndVarintInNestedMessage) { 241 writeToFdBuffer(STRING_FIELD_0 + FIX64_FIELD_3 + MESSAGE_FIELD_5); 242 Privacy* list[] = {create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), NULL}; 243 std::string expected = STRING_FIELD_0 + "\x2a\xd" + STRING_FIELD_2; 244 assertStripByFields(PRIVACY_POLICY_EXPLICIT, expected, 2, 245 create_privacy(3, OTHER_TYPE, PRIVACY_POLICY_LOCAL), 246 create_message_privacy(5, list)); 247 } 248 249 TEST_F(PrivacyFilterTest, ClearAndStrip) { 250 string data = STRING_FIELD_0 + VARINT_FIELD_1; 251 writeToFdBuffer(data); 252 Privacy* list[] = {create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), NULL}; 253 EncodedBuffer::iterator bufData = buffer.data(); 254 PrivacyFilter filter(create_message_privacy(300, list), bufData); 255 PrivacySpec spec1 = PrivacySpec::new_spec(PRIVACY_POLICY_EXPLICIT); 256 PrivacySpec spec2 = PrivacySpec::new_spec(PRIVACY_POLICY_LOCAL); 257 258 ASSERT_EQ(filter.strip(spec1), NO_ERROR); 259 assertBuffer(filter, STRING_FIELD_0); 260 ASSERT_EQ(filter.strip(spec2), NO_ERROR); 261 assertBuffer(filter, data); 262 } 263 264 TEST_F(PrivacyFilterTest, BadDataInFdBuffer) { 265 writeToFdBuffer("iambaddata"); 266 Privacy* list[] = {create_privacy(4, OTHER_TYPE, PRIVACY_POLICY_AUTOMATIC), NULL}; 267 EncodedBuffer::iterator bufData = buffer.data(); 268 PrivacyFilter filter(create_message_privacy(300, list), bufData); 269 PrivacySpec spec; 270 ASSERT_EQ(filter.strip(spec), BAD_VALUE); 271 } 272 273 TEST_F(PrivacyFilterTest, BadDataInNestedMessage) { 274 writeToFdBuffer(STRING_FIELD_0 + MESSAGE_FIELD_5 + "aoeoe"); 275 Privacy* list[] = {create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), NULL}; 276 Privacy* field5[] = {create_message_privacy(5, list), NULL}; 277 EncodedBuffer::iterator bufData = buffer.data(); 278 PrivacyFilter filter(create_message_privacy(300, field5), bufData); 279 PrivacySpec spec; 280 ASSERT_EQ(filter.strip(spec), BAD_VALUE); 281 } 282 283 TEST_F(PrivacyFilterTest, SelfRecursionMessage) { 284 string input = "\x2a\"" + VARINT_FIELD_1 + STRING_FIELD_2 + MESSAGE_FIELD_5; 285 writeToFdBuffer(input); 286 Privacy* field5 = create_message_privacy(5, NULL); 287 Privacy* list[] = {create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), field5, NULL}; 288 field5->children = list; 289 std::string expected = "\x2a\x1c" + STRING_FIELD_2 + "\x2a\xd" + STRING_FIELD_2; 290 assertStrip(PRIVACY_POLICY_EXPLICIT, expected, field5); 291 } 292 293 TEST_F(PrivacyFilterTest, AutoMessage) { 294 writeToFdBuffer(STRING_FIELD_2 + MESSAGE_FIELD_5); 295 Privacy* list[] = {create_privacy(1, OTHER_TYPE, PRIVACY_POLICY_LOCAL), NULL}; 296 Privacy* autoMsg = create_privacy(5, MESSAGE_TYPE, PRIVACY_POLICY_AUTOMATIC); 297 autoMsg->children = list; 298 std::string expected = "\x2a\xd" + STRING_FIELD_2; 299 assertStripByFields(PRIVACY_POLICY_AUTOMATIC, expected, 1, autoMsg); 300 } 301 302 #endif 303