authorSudheer Shanka <sudheersai@google.com>2020-06-29 21:39:20 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2020-06-29 21:39:20 +0000
commit7434322aef9ac94addf12d8bc6704c8fb68359fb (patch)
tree5a1f3934dbfe8db1cef4e4b46c19697249dfa35f /apex/blobstore
parent36060929b4bd14a33d7c5af0ca0733f3910608bf (diff)
parent94b852f9a6ba2fd87d7ab9c818935ae19d500698 (diff)
Merge "Add limits on BlobHandle label and lease expiry strings." into rvc-dev
Diffstat (limited to 'apex/blobstore')
-rw-r--r--apex/blobstore/framework/java/android/app/blob/BlobHandle.java9
-rw-r--r--apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java8
-rw-r--r--apex/blobstore/service/java/com/android/server/blob/BlobStoreConfig.java26
-rw-r--r--apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java2
4 files changed, 41 insertions, 4 deletions
diff --git a/apex/blobstore/framework/java/android/app/blob/BlobHandle.java b/apex/blobstore/framework/java/android/app/blob/BlobHandle.java
index ecc78ce7cf34..113f8fe9e248 100644
--- a/apex/blobstore/framework/java/android/app/blob/BlobHandle.java
+++ b/apex/blobstore/framework/java/android/app/blob/BlobHandle.java
@@ -51,6 +51,7 @@ public final class BlobHandle implements Parcelable {
};
private static final int LIMIT_BLOB_TAG_LENGTH = 128; // characters
+ private static final int LIMIT_BLOB_LABEL_LENGTH = 100; // characters
/**
* Cyrptographically secure hash algorithm used to generate hash of the blob this handle is
@@ -128,6 +129,9 @@ public final class BlobHandle implements Parcelable {
*
* @param digest the SHA-256 hash of the blob this is representing.
* @param label a label indicating what the blob is, that can be surfaced to the user.
+ * The length of the label cannot be more than 100 characters. It is recommended
+ * to keep this brief. This may be truncated and ellipsized if it is too long
+ * to be displayed to the user.
* @param expiryTimeMillis the time in secs after which the blob should be invalidated and not
* allowed to be accessed by any other app,
* in {@link System#currentTimeMillis()} timebase or {@code 0} to
@@ -205,9 +209,9 @@ public final class BlobHandle implements Parcelable {
final BlobHandle other = (BlobHandle) obj;
return this.algorithm.equals(other.algorithm)
&& Arrays.equals(this.digest, other.digest)
- && this.label.equals(other.label)
+ && this.label.toString().equals(other.label.toString())
&& this.expiryTimeMillis == other.expiryTimeMillis
- && this.tag.equals(tag);
+ && this.tag.equals(other.tag);
}
@Override
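Review bot: `equals` now compares `label` by its text, so `hashCode` has to hash the same text; that method begins at the end of this hunk and its body is not shown. If it still hashes the `CharSequence` object itself, two handles whose labels have equal text but different `CharSequence` implementations would compare equal yet hash differently, and map or set lookups keyed on `BlobHandle` could miss. Hashing `label.toString()` there would keep the two methods consistent.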
@@ -233,6 +237,7 @@ public final class BlobHandle implements Parcelable {
Preconditions.checkArgumentIsSupported(SUPPORTED_ALGOS, algorithm);
Preconditions.checkByteArrayNotEmpty(digest, "digest");
Preconditions.checkStringNotEmpty(label, "label must not be null");
+ Preconditions.checkArgument(label.length() <= LIMIT_BLOB_LABEL_LENGTH, "label too long");
Preconditions.checkArgumentNonnegative(expiryTimeMillis,
"expiryTimeMillis must not be negative");
Preconditions.checkStringNotEmpty(tag, "tag must not be null");
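Review bot: The new `label.length() <= LIMIT_BLOB_LABEL_LENGTH` check only protects the service if it also runs on handles that arrive over Binder. `BlobHandle` is `Parcelable` and the enclosing method starts outside this hunk, so it is not visible whether the unparcelling path or the service entry points call it; a caller that fills the Parcel by hand could otherwise bypass the limit. Please confirm that every handle received by the service goes through this validation. Separately, `length()` counts UTF-16 code units rather than user-perceived characters, which the `// characters` comment on the constant and the Javadoc could state.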
diff --git a/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java b/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java
index 9c1acafa800d..39f7526560a9 100644
--- a/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java
+++ b/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java
@@ -347,7 +347,9 @@ public class BlobStoreManager {
* @param blobHandle the {@link BlobHandle} representing the blob that the caller wants to
* acquire a lease for.
* @param description a short description string that can be surfaced
- * to the user explaining what the blob is used for.
+ * to the user explaining what the blob is used for. It is recommended to
+ * keep this description brief. This may be truncated and ellipsized
+ * if it is too long to be displayed to the user.
* @param leaseExpiryTimeMillis the time in milliseconds after which the lease can be
* automatically released, in {@link System#currentTimeMillis()}
* timebase. If its value is {@code 0}, then the behavior of this
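Review bot: The added `@param description` text says the description may be truncated "if it is too long to be displayed to the user", but the service change in this commit shortens it in the lease-acquire path itself, independent of any display. A caller that later reads the description back would presumably see the shortened text, so the Javadoc should say so, e.g. `Descriptions longer than a system-defined limit are truncated and ellipsized when the lease is acquired.` The same wording is added in the second hunk of this file and needs the same correction.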
@@ -458,7 +460,9 @@ public class BlobStoreManager {
* @param blobHandle the {@link BlobHandle} representing the blob that the caller wants to
* acquire a lease for.
* @param description a short description string that can be surfaced
- * to the user explaining what the blob is used for.
+ * to the user explaining what the blob is used for. It is recommended to
+ * keep this description brief. This may be truncated and
+ * ellipsized if it is too long to be displayed to the user.
*
* @throws IOException when there is an I/O error while acquiring a lease to the blob.
* @throws SecurityException when the blob represented by the {@code blobHandle} does not
diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobStoreConfig.java b/apex/blobstore/service/java/com/android/server/blob/BlobStoreConfig.java
index 79cd1b17a5b5..bb9f13f1712c 100644
--- a/apex/blobstore/service/java/com/android/server/blob/BlobStoreConfig.java
+++ b/apex/blobstore/service/java/com/android/server/blob/BlobStoreConfig.java
@@ -25,6 +25,7 @@ import android.content.Context;
import android.os.Environment;
import android.provider.DeviceConfig;
import android.provider.DeviceConfig.Properties;
+import android.text.TextUtils;
import android.util.DataUnit;
import android.util.Log;
import android.util.Slog;
@@ -171,6 +172,13 @@ class BlobStoreConfig {
public static int MAX_BLOB_ACCESS_PERMITTED_PACKAGES =
DEFAULT_MAX_BLOB_ACCESS_PERMITTED_PACKAGES;
+ /**
+ * Denotes the maximum number of characters that a lease description can have.
+ */
+ public static final String KEY_LEASE_DESC_CHAR_LIMIT = "lease_desc_char_limit";
+ public static int DEFAULT_LEASE_DESC_CHAR_LIMIT = 300;
+ public static int LEASE_DESC_CHAR_LIMIT = DEFAULT_LEASE_DESC_CHAR_LIMIT;
+
static void refresh(Properties properties) {
if (!NAMESPACE_BLOBSTORE.equals(properties.getNamespace())) {
return;
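Review bot: `DEFAULT_LEASE_DESC_CHAR_LIMIT` is declared `public static int` without `final`, so the fallback handed to `properties.getInt` can itself be reassigned; `public static final int DEFAULT_LEASE_DESC_CHAR_LIMIT = 300;` pins it. `LEASE_DESC_CHAR_LIMIT` is written in `refresh` and read by `getTruncatedLeaseDescription`; if those run on different threads, which this hunk does not show, the field would need `volatile` for an update to be reliably visible. A short comment noting that the limit is tunable through DeviceConfig would also help readers of the dump output.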
@@ -221,6 +229,10 @@ class BlobStoreConfig {
MAX_BLOB_ACCESS_PERMITTED_PACKAGES = properties.getInt(key,
DEFAULT_MAX_BLOB_ACCESS_PERMITTED_PACKAGES);
break;
+ case KEY_LEASE_DESC_CHAR_LIMIT:
+ LEASE_DESC_CHAR_LIMIT = properties.getInt(key,
+ DEFAULT_LEASE_DESC_CHAR_LIMIT);
+ break;
default:
Slog.wtf(TAG, "Unknown key in device config properties: " + key);
}
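Review bot: The value read in the `KEY_LEASE_DESC_CHAR_LIMIT` case is stored without a range check, so a zero or negative `lease_desc_char_limit` delivered through DeviceConfig reaches `TextUtils.trimToLengthWithEllipsis` in `getTruncatedLeaseDescription`. That helper expects a size of at least 1 and, as far as I know, rejects smaller values with an `IllegalArgumentException`, which would fail every lease acquisition that carries a non-empty description. Clamping at assignment keeps a bad flag value from becoming a service-wide failure: `LEASE_DESC_CHAR_LIMIT = Math.max(1, properties.getInt(key, DEFAULT_LEASE_DESC_CHAR_LIMIT));`. The switch and `refresh` continue outside this hunk.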
@@ -262,6 +274,8 @@ class BlobStoreConfig {
fout.println(String.format(dumpFormat, KEY_MAX_BLOB_ACCESS_PERMITTED_PACKAGES,
MAX_BLOB_ACCESS_PERMITTED_PACKAGES,
DEFAULT_MAX_BLOB_ACCESS_PERMITTED_PACKAGES));
+ fout.println(String.format(dumpFormat, KEY_LEASE_DESC_CHAR_LIMIT,
+ LEASE_DESC_CHAR_LIMIT, DEFAULT_LEASE_DESC_CHAR_LIMIT));
}
}
@@ -368,6 +382,18 @@ class BlobStoreConfig {
return DeviceConfigProperties.MAX_BLOB_ACCESS_PERMITTED_PACKAGES;
}
+ /**
+ * Returns the lease description truncated to
+ * {@link DeviceConfigProperties#LEASE_DESC_CHAR_LIMIT} characters.
+ */
+ public static CharSequence getTruncatedLeaseDescription(CharSequence description) {
+ if (TextUtils.isEmpty(description)) {
+ return description;
+ }
+ return TextUtils.trimToLengthWithEllipsis(description,
+ DeviceConfigProperties.LEASE_DESC_CHAR_LIMIT);
+ }
+
@Nullable
public static File prepareBlobFile(long sessionId) {
final File blobsDir = prepareBlobsDir();
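Review bot: The Javadoc on `getTruncatedLeaseDescription` promises a result truncated to `LEASE_DESC_CHAR_LIMIT` characters, but `trimToLengthWithEllipsis`, as I read it, appends the ellipsis after trimming, so the returned text can be a few characters longer than the limit. Anything sized from the limit should allow for that, and the comment should say so, e.g. `Returns the description trimmed to LEASE_DESC_CHAR_LIMIT characters, followed by an ellipsis when it was shortened.` It is also worth documenting that a null or empty description is returned unchanged.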
diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java b/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java
index 520e8bbf9f93..d37dfdeaa583 100644
--- a/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java
+++ b/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java
@@ -1500,6 +1500,8 @@ public class BlobStoreManagerService extends SystemService {
"leaseExpiryTimeMillis must not be negative");
Objects.requireNonNull(packageName, "packageName must not be null");
+ description = BlobStoreConfig.getTruncatedLeaseDescription(description);
+
final int callingUid = Binder.getCallingUid();
verifyCallingPackage(callingUid, packageName);