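/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#pragma once

#ifndef PRIVACY_H
#define PRIVACY_H

#include <android/os/IncidentReportArgs.h>

#include <stdint.h>

// Privacy::toString() returns std::string; include it explicitly instead of
// relying on a transitive include and an unqualified `string`.
#include <string>

namespace android {
namespace os {
namespace incidentd {

// Redundant inside android::os::incidentd (the enclosing namespace is already
// visible); harmless, kept as-is.
using namespace android::os;

/*
 * In order to NOT auto-generate a large chunk of code by the proto compiler in incidentd,
 * the privacy options' data structure is explicitly redefined here and
 * the values are populated by the incident_section_gen tool.
 *
 * Each proto field will have a Privacy when it is different from its parent, otherwise
 * it uses its parent's tag. A message type will have an array of Privacy.
 *
 * NOTE(review): this header defines no ownership for the children/patterns arrays;
 * they are presumably generator-emitted static tables that outlive every Privacy
 * pointing at them — confirm against the generated source before freeing anything.
 */
struct Privacy {
    // The field number
    uint32_t field_id;

    // The field type, see external/protobuf/src/google/protobuf/descriptor.h
    uint8_t type;

    // If children is null, it is a primitive field,
    // otherwise it is a message field which could have overridden privacy tags here.
    // This array is NULL-terminated.
    Privacy** children;

    // DESTINATION Enum in frameworks/base/core/proto/android/privacy.proto.
    // This is the tag PrivacySpec::CheckPremission consults to decide whether the
    // field's data may be kept or must be stripped.
    uint8_t policy;

    // A list of regexp rules for stripping string fields in proto.
    // NOTE(review): the termination of this array is not documented here; it is
    // presumably NULL-terminated like children — confirm before iterating over it.
    const char** patterns;

    // Human-readable rendering of this entry.
    std::string toString() const;
};

// Encode field id used by ProtoOutputStream.
uint64_t encode_field_id(const Privacy* p);

// Look up the child with given fieldId, if not found, return NULL.
// Callers must handle NULL: a missing child means the field carries no override of
// its own and uses its parent's tag (see the struct comment above).
const Privacy* lookup(const Privacy* p, uint32_t fieldId);

/**
 * PrivacySpec defines what level of privacy authorization the request has.
 * For example, a device without user consent should only be able to upload AUTOMATIC fields.
 * PRIVACY_POLICY_UNSET is treated as PRIVACY_POLICY_EXPLICIT.
 */
class PrivacySpec {
public:
    explicit PrivacySpec(uint8_t argPolicy);

    // Strict ordering between specs (presumably on mPolicy — see Privacy.cpp).
    bool operator<(const PrivacySpec& other) const;

    // Check permission of a policy: if this returns true, don't strip the data;
    // otherwise the field must be stripped.
    // defaultPrivacyPolicy is the policy assumed when the field does not carry one
    // (NOTE(review): the exact fallback — NULL privacy vs. PRIVACY_POLICY_UNSET — is
    // defined in Privacy.cpp, confirm there).
    // The misspelled name is kept because callers depend on it.
    bool CheckPremission(const Privacy* privacy,
                         const uint8_t defaultPrivacyPolicy = PRIVACY_POLICY_UNSET) const;

    // If this returns true, no data needs to be stripped.
    bool RequireAll() const;

    // The policy this spec was constructed with.
    uint8_t getPolicy() const;

private:
    // Unimplemented: a PrivacySpec must always be constructed with a policy.
    explicit PrivacySpec();

    uint8_t mPolicy;
};

/**
 * If a privacy policy is other than the defined values, update it to a real one.
 */
uint8_t cleanup_privacy_policy(uint8_t policy);

}  // namespace incidentd
}  // namespace os
}  // namespace android

#endif  // PRIVACY_H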