redact PII only for non-null value and apply SHA-1

am: d0a7649f53

Change-Id: I4424a97dc00444df80c53fe4bbb20dfb7840e441

telephony/java/android/telephony/Rlog.java

@@ -16,8 +16,15 @@
 
 package android.telephony;
 
+import android.text.TextUtils;
 import android.util.Log;
 
+import android.util.Base64;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+
 /**
  * A class to log strings to the RADIO LOG.
  *
@@ -87,11 +94,52 @@ public final class Rlog {
 
     /**
      * Redact personally identifiable information for production users.
-     * If log tag is loggable in verbose mode, return the original string, otherwise return XXX.
+     * @param tag used to identify the source of a log message
+     * @param pii the personally identifiable information we want to apply secure hash on.
+     * @return If tag is loggable in verbose mode or pii is null, return the original input.
+     * otherwise return a secure Hash of input pii
      */
     public static String pii(String tag, Object pii) {
-        return (isLoggable(tag, Log.VERBOSE) ? String.valueOf(pii) : "XXX");
+        String val = String.valueOf(pii);
+        if (pii == null || TextUtils.isEmpty(val) || isLoggable(tag, Log.VERBOSE)) {
+            return val;
+        }
+        return "[" + secureHash(val.getBytes()) + "]";
     }
 
+    /**
+     * Redact personally identifiable information for production users.
+     * @param enablePiiLogging set when caller explicitly want to enable sensitive logging.
+     * @param pii the personally identifiable information we want to apply secure hash on.
+     * @return If enablePiiLogging is set to true or pii is null, return the original input.
+     * otherwise return a secure Hash of input pii
+     */
+    public static String pii(boolean enablePiiLogging, Object pii) {
+        String val = String.valueOf(pii);
+        if (pii == null || TextUtils.isEmpty(val) || enablePiiLogging) {
+            return val;
+        }
+        return "[" + secureHash(val.getBytes()) + "]";
+    }
+
+    /**
+     * Returns a secure hash (using the SHA1 algorithm) of the provided input.
+     *
+     * @return the hash
+     * @param input the bytes for which the secure hash should be computed.
+     */
+    private static String secureHash(byte[] input) {
+        MessageDigest messageDigest;
+
+        try {
+            messageDigest = MessageDigest.getInstance("SHA-1");
+        } catch (NoSuchAlgorithmException e) {
+            return "####";
+        }
+
+        byte[] result = messageDigest.digest(input);
+        return Base64.encodeToString(
+                result, Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP);
+    }
 }
 

telephony/java/android/telephony/SubscriptionInfo.java

@@ -340,7 +340,7 @@ public class SubscriptionInfo implements Parcelable {
         String iccIdToPrint = null;
         if (iccId != null) {
             if (iccId.length() > 9 && !Build.IS_DEBUGGABLE) {
-                iccIdToPrint = iccId.substring(0, 9) + "XXXXXXXXXXX";
+                iccIdToPrint = iccId.substring(0, 9) + Rlog.pii(false, iccId.substring(9));
             } else {
                 iccIdToPrint = iccId;
             }