Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 875374a4 authored by Ricky Wai's avatar Ricky Wai
Browse files

Use encoder id as insecure DP encoder random seed 

Originally all apps that use insecure DP encoder will generate
the same result in IRR encoder as IRR is purely rely on random generator,
hence all apps will return the same IRR result in encodeBoolean() for
insecure encoder.

Now we change insecure encoder to use encoder id as random generator seed,
so different app will have different deterministic insecure encoder result.

Also, this CL fixes some existing failed tests.

Bug: 63908748
Test: runtest frameworks-services -p com.android.server.net.watchlist PASS
Test: bit FrameworksPrivacyLibraryTests:android.privacy.RapporEncoderTest PASS
Test: bit FrameworksPrivacyLibraryTests:android.privacy.LongitudinalReportingEncoderTest PASS
Change-Id: Iab84a2932d8f84da1dd2f880d2c1567dcbf1e090
parent 7f0087be

core/java/android/privacy/internal/rappor/RapporEncoder.java

+2 −3
Original line number Diff line number Diff line
@@ -33,7 +33,6 @@ import java.util.Random; 
public class RapporEncoder implements DifferentialPrivacyEncoder {



    // Hard-coded seed and secret for insecure encoder

    private static final long INSECURE_RANDOM_SEED = 0x12345678L;

    private static final byte[] INSECURE_SECRET = new byte[]{

            (byte) 0xD7, (byte) 0x68, (byte) 0x99, (byte) 0x93,

            (byte) 0x94, (byte) 0x13, (byte) 0x53, (byte) 0x54,
@@ -66,8 +65,8 @@ public class RapporEncoder implements DifferentialPrivacyEncoder { 
            // Use SecureRandom as random generator.

            random = sSecureRandom;

        } else {

            // Hard-coded random generator, to have deterministic result.

            random = new Random(INSECURE_RANDOM_SEED);

            // To have deterministic result by hard coding encoder id as seed.

            random = new Random((long) config.mEncoderId.hashCode());

            userSecret = INSECURE_SECRET;

        }

        mEncoder = new Encoder(random, null, null,

core/tests/privacytests/src/android/privacy/LongitudinalReportingEncoderTest.java

+4 −4
Original line number Diff line number Diff line
@@ -72,13 +72,13 @@ public class LongitudinalReportingEncoderTest { 
        final LongitudinalReportingEncoder encoder =

                LongitudinalReportingEncoder.createInsecureEncoderForTest(

                        config);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(0, encoder.encodeBoolean(true)[0]);

        assertEquals(0, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(0, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(0, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);

        assertEquals(1, encoder.encodeBoolean(true)[0]);
@@ -86,12 +86,12 @@ public class LongitudinalReportingEncoderTest { 
        assertEquals(0, encoder.encodeBoolean(false)[0]);

        assertEquals(1, encoder.encodeBoolean(false)[0]);

        assertEquals(1, encoder.encodeBoolean(false)[0]);

        assertEquals(0, encoder.encodeBoolean(false)[0]);

        assertEquals(1, encoder.encodeBoolean(false)[0]);

        assertEquals(0, encoder.encodeBoolean(false)[0]);

        assertEquals(0, encoder.encodeBoolean(false)[0]);

        assertEquals(1, encoder.encodeBoolean(false)[0]);

        assertEquals(0, encoder.encodeBoolean(false)[0]);

        assertEquals(0, encoder.encodeBoolean(false)[0]);

        assertEquals(1, encoder.encodeBoolean(false)[0]);

        assertEquals(1, encoder.encodeBoolean(false)[0]);



        // Test if IRR returns original result when f = 0

core/tests/privacytests/src/android/privacy/RapporEncoderTest.java

+1 −1
Original line number Diff line number Diff line
@@ -80,7 +80,7 @@ public class RapporEncoderTest { 
        int numBits = 8;

        final long inputValue = 254L;

        final long prrValue = 250L;

        final long prrAndIrrValue = 184L;

        final long prrAndIrrValue = 244L;



        final RapporConfig config1 = new RapporConfig(

                "Foo", // encoderId

services/tests/servicestests/src/com/android/server/net/watchlist/PrivacyUtilsTests.java

+5 −5
Original line number Diff line number Diff line
@@ -77,9 +77,9 @@ public class PrivacyUtilsTests { 
        assertEquals(6, result.size());

        assertTrue(result.get("C86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB48"));

        assertTrue(result.get("C86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB49"));

        assertFalse(result.get("C86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB47"));

        assertTrue(result.get("E86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB45"));

        assertFalse(result.get("C86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB44"));

        assertTrue(result.get("C86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB47"));

        assertFalse(result.get("E86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB45"));

        assertTrue(result.get("C86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB44"));

        assertTrue(result.get("B86F9D37425340B635F43D6BC2506630761ADA71F5E6BBDBCA4651C479F9FB43"));

    }
@@ -87,7 +87,7 @@ public class PrivacyUtilsTests { 
    public void testPrivacyUtils_createInsecureDPEncoderForTest() throws Exception {

        DifferentialPrivacyEncoder encoder = PrivacyUtils.createInsecureDPEncoderForTest("foo");

        assertEquals(

                "EncoderId: watchlist_encoder:foo, ProbabilityF: 0.400, ProbabilityP: 0.250, "

                "EncoderId: watchlist_encoder:foo, ProbabilityF: 0.469, ProbabilityP: 0.280, "

                        + "ProbabilityQ: 1.000",

                encoder.getConfig().toString());

        assertTrue(encoder.isInsecureEncoderForTest());
@@ -97,7 +97,7 @@ public class PrivacyUtilsTests { 
    public void testPrivacyUtils_createSecureDPEncoderTest() throws Exception {

        DifferentialPrivacyEncoder encoder = PrivacyUtils.createSecureDPEncoder(TEST_SECRET, "foo");

        assertEquals(

                "EncoderId: watchlist_encoder:foo, ProbabilityF: 0.400, ProbabilityP: 0.250, "

                "EncoderId: watchlist_encoder:foo, ProbabilityF: 0.469, ProbabilityP: 0.280, "

                        + "ProbabilityQ: 1.000",

                encoder.getConfig().toString());

        assertFalse(encoder.isInsecureEncoderForTest());