1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.packageinstaller.permission.utils;
18 
19 import android.content.pm.PackageInfo;
20 import android.util.ArrayMap;
21 import android.util.ArraySet;
22 import android.util.EventLog;
23 
24 import com.android.packageinstaller.permission.model.AppPermissionGroup;
25 import com.android.packageinstaller.permission.model.Permission;
26 
27 import java.util.ArrayList;
28 import java.util.List;
29 
30 public final class SafetyNetLogger {
31 
32     // The log tag used by SafetyNet to pick entries from the event log.
33     private static final int SNET_NET_EVENT_LOG_TAG = 0x534e4554;
34 
35     // Log tag for the result of permissions request.
36     private static final String PERMISSIONS_REQUESTED = "individual_permissions_requested";
37 
38     // Log tag for the result of permissions toggling.
39     private static final String PERMISSIONS_TOGGLED = "individual_permissions_toggled";
40 
SafetyNetLogger()41     private SafetyNetLogger() {
42         /* do nothing */
43     }
44 
logPermissionsRequested(PackageInfo packageInfo, List<AppPermissionGroup> groups)45     public static void logPermissionsRequested(PackageInfo packageInfo,
46             List<AppPermissionGroup> groups) {
47         EventLog.writeEvent(SNET_NET_EVENT_LOG_TAG, PERMISSIONS_REQUESTED,
48                 packageInfo.applicationInfo.uid, buildChangedPermissionForPackageMessage(
49                         packageInfo.packageName, groups));
50     }
51 
52     /**
53      * Log that permission groups have been toggled for the purpose of safety net.
54      *
55      * <p>The groups might refer to different permission groups and different apps.
56      *
57      * @param groups The groups toggled
58      */
logPermissionsToggled(ArraySet<AppPermissionGroup> groups)59     public static void logPermissionsToggled(ArraySet<AppPermissionGroup> groups) {
60         ArrayMap<String, ArrayList<AppPermissionGroup>> groupsByPackage = new ArrayMap<>();
61 
62         int numGroups = groups.size();
63         for (int i = 0; i < numGroups; i++) {
64             AppPermissionGroup group = groups.valueAt(i);
65 
66             ArrayList<AppPermissionGroup> groupsForThisPackage = groupsByPackage.get(
67                     group.getApp().packageName);
68             if (groupsForThisPackage == null) {
69                 groupsForThisPackage = new ArrayList<>();
70                 groupsByPackage.put(group.getApp().packageName, groupsForThisPackage);
71             }
72 
73             groupsForThisPackage.add(group);
74             if (group.getBackgroundPermissions() != null) {
75                 groupsForThisPackage.add(group.getBackgroundPermissions());
76             }
77         }
78 
79         int numPackages = groupsByPackage.size();
80         for (int i = 0; i < numPackages; i++) {
81             EventLog.writeEvent(SNET_NET_EVENT_LOG_TAG, PERMISSIONS_TOGGLED,
82                     android.os.Process.myUid(), buildChangedPermissionForPackageMessage(
83                             groupsByPackage.keyAt(i), groupsByPackage.valueAt(i)));
84         }
85     }
86 
87     /**
88      * Log that a permission group has been toggled for the purpose of safety net.
89      *
90      * @param group The group toggled.
91      */
logPermissionToggled(AppPermissionGroup group)92     public static void logPermissionToggled(AppPermissionGroup group) {
93         ArraySet groups = new ArraySet<AppPermissionGroup>(1);
94         groups.add(group);
95         logPermissionsToggled(groups);
96     }
97 
buildChangedPermissionForGroup(AppPermissionGroup group, StringBuilder builder)98     private static void buildChangedPermissionForGroup(AppPermissionGroup group,
99             StringBuilder builder) {
100         int permissionCount = group.getPermissions().size();
101         for (int permissionNum = 0; permissionNum < permissionCount; permissionNum++) {
102             Permission permission = group.getPermissions().get(permissionNum);
103 
104             if (builder.length() > 0) {
105                 builder.append(';');
106             }
107 
108             builder.append(permission.getName()).append('|');
109             builder.append(permission.isGrantedIncludingAppOp()).append('|');
110             builder.append(permission.getFlags());
111         }
112     }
113 
buildChangedPermissionForPackageMessage(String packageName, List<AppPermissionGroup> groups)114     private static String buildChangedPermissionForPackageMessage(String packageName,
115             List<AppPermissionGroup> groups) {
116         StringBuilder builder = new StringBuilder();
117 
118         builder.append(packageName).append(':');
119 
120         int groupCount = groups.size();
121         for (int groupNum = 0; groupNum < groupCount; groupNum++) {
122             AppPermissionGroup group = groups.get(groupNum);
123 
124             buildChangedPermissionForGroup(group, builder);
125             if (group.getBackgroundPermissions() != null) {
126                 buildChangedPermissionForGroup(group.getBackgroundPermissions(), builder);
127             }
128         }
129 
130         return builder.toString();
131     }
132 }
133