com/android/server/net/watchlist/WatchlistSettings.java

/*
 * Copyright 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.net.watchlist;

import android.os.Environment;
import android.util.AtomicFile;
import android.util.Log;
import android.util.Slog;
import android.util.Xml;

import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.HexDump;
import com.android.internal.util.XmlUtils;

import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlSerializer;

import java.io.File;
import java.io.FileDescriptor;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.CRC32;

/**
 * Class for handling watchlist settings operations, like getting differential privacy secret key.
 * Unlike WatchlistConfig, which will read configs that pushed from ConfigUpdater only, this class
 * can read and write all settings for watchlist operations.
 */
class WatchlistSettings {

    private static final String TAG = "WatchlistSettings";

    private static final String FILE_NAME = "watchlist_settings.xml";
    // Rappor requires min entropy input size = 48 bytes
    private static final int SECRET_KEY_LENGTH = 48;

    private final static WatchlistSettings sInstance = new WatchlistSettings();
    private final AtomicFile mXmlFile;

    private byte[] mPrivacySecretKey = null;

    public static WatchlistSettings getInstance() {
        return sInstance;
    }

    private WatchlistSettings() {
        this(getSystemWatchlistFile());
    }

    static File getSystemWatchlistFile() {
        return new File(Environment.getDataSystemDirectory(), FILE_NAME);
    }

    @VisibleForTesting
    protected WatchlistSettings(File xmlFile) {
        mXmlFile = new AtomicFile(xmlFile, "net-watchlist");
        reloadSettings();
        if (mPrivacySecretKey == null) {
            // Generate a new secret key and save settings
            mPrivacySecretKey = generatePrivacySecretKey();
            saveSettings();
        }
    }

    private void reloadSettings() {
        if (!mXmlFile.exists()) {
            // No settings config
            return;
        }
        try (FileInputStream stream = mXmlFile.openRead()){
            XmlPullParser parser = Xml.newPullParser();
            parser.setInput(stream, StandardCharsets.UTF_8.name());
            XmlUtils.beginDocument(parser, "network-watchlist-settings");
            final int outerDepth = parser.getDepth();
            while (XmlUtils.nextElementWithin(parser, outerDepth)) {
                if (parser.getName().equals("secret-key")) {
                    mPrivacySecretKey = parseSecretKey(parser);
                }
            }
            Slog.i(TAG, "Reload watchlist settings done");
        } catch (IllegalStateException | NullPointerException | NumberFormatException |
                XmlPullParserException | IOException | IndexOutOfBoundsException e) {
            Slog.e(TAG, "Failed parsing xml", e);
        }
    }

    private byte[] parseSecretKey(XmlPullParser parser)
            throws IOException, XmlPullParserException {
        parser.require(XmlPullParser.START_TAG, null, "secret-key");
        byte[] key = HexDump.hexStringToByteArray(parser.nextText());
        parser.require(XmlPullParser.END_TAG, null, "secret-key");
        if (key == null || key.length != SECRET_KEY_LENGTH) {
            Log.e(TAG, "Unable to parse secret key");
            return null;
        }
        return key;
    }

    /**
     * Get DP secret key.
     * Make sure it is not exported or logged in anywhere.
     */
    synchronized byte[] getPrivacySecretKey() {
        final byte[] key = new byte[SECRET_KEY_LENGTH];
        System.arraycopy(mPrivacySecretKey, 0, key, 0, SECRET_KEY_LENGTH);
        return key;
    }

    private byte[] generatePrivacySecretKey() {
        final byte[] key = new byte[SECRET_KEY_LENGTH];
        (new SecureRandom()).nextBytes(key);
        return key;
    }

    private void saveSettings() {
        FileOutputStream stream;
        try {
            stream = mXmlFile.startWrite();
        } catch (IOException e) {
            Log.w(TAG, "Failed to write display settings: " + e);
            return;
        }
        try {
            XmlSerializer out = new FastXmlSerializer();
            out.setOutput(stream, StandardCharsets.UTF_8.name());
            out.startDocument(null, true);
            out.startTag(null, "network-watchlist-settings");
            out.startTag(null, "secret-key");
            out.text(HexDump.toHexString(mPrivacySecretKey));
            out.endTag(null, "secret-key");
            out.endTag(null, "network-watchlist-settings");
            out.endDocument();
            mXmlFile.finishWrite(stream);
        } catch (IOException e) {
            Log.w(TAG, "Failed to write display settings, restoring backup.", e);
            mXmlFile.failWrite(stream);
        }
    }
}