feat(security): Add sensitive data sanitization for log export

Luokavin · Luokavin · commit e589936ae969 · 2025-12-29T01:54:29.000+08:00
- Remove app list logging from MainActivity startup
- Add sanitizeLogContent() to mask sensitive data before export:
  - URLs completely masked
  - Profile/config names masked
  - Task descriptions masked
  - Model thinking/action masked
  - App names/package names masked
- Add logging reference documentation
- Prevent agent reinitialization during active tasks

Bump version to 0.0.4
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -12,8 +12,8 @@ android {
         applicationId = "com.kevinluo.autoglm"
         minSdk = 24
         targetSdk = 34
-        versionCode = 3
-        versionName = "0.0.3"
+        versionCode = 4
+        versionName = "0.0.4"
 
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
     }
diff --git a/app/src/main/java/com/kevinluo/autoglm/ComponentManager.kt b/app/src/main/java/com/kevinluo/autoglm/ComponentManager.kt
@@ -235,14 +235,25 @@ class ComponentManager private constructor(private val context: Context) {
     /**
      * Reinitializes the PhoneAgent with updated configuration.
      * Call this after settings have been changed.
+     * 
+     * Note: This will NOT reinitialize if a task is currently running or paused,
+     * to prevent accidentally cancelling user tasks.
      */
     fun reinitializeAgent() {
         if (userService == null) {
             Logger.w(TAG, "Cannot reinitialize agent: UserService not connected")
             return
         }
         
-        // Cancel any running task
+        // Safety check: don't reinitialize while a task is active
+        _phoneAgent?.let { agent ->
+            if (agent.isRunning() || agent.isPaused()) {
+                Logger.w(TAG, "Cannot reinitialize agent: task is currently active (state: ${agent.getState()})")
+                return
+            }
+        }
+        
+        // Cancel any running task (should be IDLE at this point, but just in case)
         _phoneAgent?.cancel()
         
         // Recreate model client with new config
diff --git a/app/src/main/java/com/kevinluo/autoglm/MainActivity.kt b/app/src/main/java/com/kevinluo/autoglm/MainActivity.kt
@@ -175,9 +175,6 @@ class MainActivity : AppCompatActivity(), PhoneAgentListener {
         componentManager = ComponentManager.getInstance(this)
         Logger.i(TAG, "ComponentManager initialized")
         
-        // Log all launchable apps at startup
-        logAllLaunchableApps()
-        
         initViews()
         setupListeners()
         setupShizukuListeners()
@@ -188,38 +185,6 @@ class MainActivity : AppCompatActivity(), PhoneAgentListener {
         updateTaskStatus(TaskStatus.IDLE)
     }
     
-    /**
-     * Logs all launchable apps for debugging purposes.
-     *
-     * Queries the package manager for all apps with launcher activities
-     * and logs them for debugging. Only logs the first 20 apps to avoid
-     * excessive log output.
-     */
-    private fun logAllLaunchableApps() {
-        // Query apps without loading icons to avoid excessive logging
-        val intent = android.content.Intent(android.content.Intent.ACTION_MAIN).apply {
-            addCategory(android.content.Intent.CATEGORY_LAUNCHER)
-        }
-        val resolveInfoList = packageManager.queryIntentActivities(intent, 0)
-        
-        val apps = resolveInfoList.mapNotNull { resolveInfo ->
-            val activityInfo = resolveInfo.activityInfo ?: return@mapNotNull null
-            val displayName = resolveInfo.loadLabel(packageManager)?.toString() ?: return@mapNotNull null
-            val packageName = activityInfo.packageName ?: return@mapNotNull null
-            displayName to packageName
-        }.distinctBy { it.second }
-        
-        Logger.i(TAG, "=== All Launchable Apps: ${apps.size} total ===")
-        // Only log first 20 apps to avoid log quota
-        apps.take(20).forEach { (name, pkg) ->
-            Logger.i(TAG, "  $name -> $pkg")
-        }
-        if (apps.size > 20) {
-            Logger.i(TAG, "  ... and ${apps.size - 20} more apps")
-        }
-        Logger.i(TAG, "=== End of App List ===")
-    }
-
     /**
      * Updates the overlay permission status display.
      *
@@ -299,7 +264,12 @@ class MainActivity : AppCompatActivity(), PhoneAgentListener {
         // Only reinitialize if service is connected and we need to refresh
         if (componentManager.isServiceConnected) {
             // Check if settings actually changed before reinitializing
-            if (componentManager.settingsManager.hasConfigChanged()) {
+            // But NEVER reinitialize while a task is running or paused - this would cancel the task!
+            val isTaskActive = componentManager.phoneAgent?.let { 
+                it.isRunning() || it.isPaused() 
+            } ?: false
+            
+            if (!isTaskActive && componentManager.settingsManager.hasConfigChanged()) {
                 componentManager.reinitializeAgent()
             }
             componentManager.setPhoneAgentListener(this)
diff --git a/app/src/main/java/com/kevinluo/autoglm/util/LogFileManager.kt b/app/src/main/java/com/kevinluo/autoglm/util/LogFileManager.kt
@@ -128,6 +128,11 @@ object LogFileManager {
 
     /**
      * Exports all logs as a zip file and returns a share intent.
+     * 
+     * Sensitive data is sanitized before export:
+     * - URLs are partially masked
+     * - Profile names are masked
+     * - App lists are removed
      *
      * @param context Context for file operations
      * @return Share intent for the exported zip file, or null if export failed
@@ -147,12 +152,11 @@ object LogFileManager {
                 zipOut.write(deviceInfo.toByteArray())
                 zipOut.closeEntry()
 
-                // Add log files
+                // Add log files with sanitization
                 getLogFiles().forEach { logFile ->
                     zipOut.putNextEntry(ZipEntry(logFile.name))
-                    logFile.inputStream().use { input ->
-                        input.copyTo(zipOut)
-                    }
+                    val sanitizedContent = sanitizeLogContent(logFile.readText())
+                    zipOut.write(sanitizedContent.toByteArray())
                     zipOut.closeEntry()
                 }
             }
@@ -175,6 +179,169 @@ object LogFileManager {
             null
         }
     }
+    
+    /**
+     * Sanitizes log content by masking sensitive data.
+     * 
+     * Masked data includes:
+     * - URLs (keeps protocol and TLD only)
+     * - Profile names
+     * - Task descriptions
+     * - App names and package names
+     * - Model thinking and action content
+     * - App list entries (removed entirely)
+     * 
+     * @param content Raw log content
+     * @return Sanitized log content
+     */
+    private fun sanitizeLogContent(content: String): String {
+        var sanitized = content
+        
+        // ==================== Remove app list entries ====================
+        // Match lines like "  信息 -> com.android.mms" or "  ... and 118 more apps"
+        sanitized = sanitized.replace(
+            Regex("""(?m)^.*\[INFO\] AutoGLM/MainActivity:\s{2,}.*(?:->|more apps).*$\n?"""),
+            ""
+        )
+        sanitized = sanitized.replace(
+            Regex("""(?m)^.*=== All Launchable Apps:.*$\n?"""),
+            ""
+        )
+        sanitized = sanitized.replace(
+            Regex("""(?m)^.*=== End of App List ===.*$\n?"""),
+            ""
+        )
+        
+        // ==================== Mask URLs ====================
+        // Completely mask all URLs
+        sanitized = sanitized.replace(
+            Regex("""https?://[^\s]+""", RegexOption.IGNORE_CASE)
+        ) { "***" }
+        
+        // ==================== Mask profile/config names ====================
+        sanitized = sanitized.replace(
+            Regex("""(Saving profile: id=\S+, name=)([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Saving current configuration as profile: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Saving model configuration: baseUrl=)([^,]+)(, modelName=)([^\n]+)""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Testing connection to: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Imported dev profile: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Saving task template: id=\S+, name=)([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        // ==================== Mask task descriptions ====================
+        // PhoneAgent: "Task started: xxx"
+        sanitized = sanitized.replace(
+            Regex("""(Task started: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        // PhoneAgent: "Step N: xxx"
+        sanitized = sanitized.replace(
+            Regex("""(Step \d+: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        // MainActivity: "Starting task: xxx" or "Starting task from floating window: xxx"
+        sanitized = sanitized.replace(
+            Regex("""(Starting task(?:\s+from floating window)?: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        // ==================== Mask model thinking and action ====================
+        sanitized = sanitized.replace(
+            Regex("""(Thinking: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Action: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Parsing response: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Unknown action format: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Parsing error: [^,]+, input: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        // ==================== Mask app names and package names ====================
+        // AppResolver logs
+        sanitized = sanitized.replace(
+            Regex("""(resolvePackageName called with: ')([^']+)(')""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Normalized query: ')([^']+)(')""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Found as package name: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(App: ')([^']+)(' -> )([^\n]+)""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Similarity ')([^']+)(':.*)""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Best match: ')([^']+)(' \()([^)]+)(\).*)""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}***${it.groupValues[5]}" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(No match found for ')([^']+)(')""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}" }
+        
+        // ActionHandler logs
+        sanitized = sanitized.replace(
+            Regex("""(Launching app: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Using package name directly: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Resolving app name: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Launching package: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Launch failed for )([^:]+)(:.*)""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}" }
+        
+        sanitized = sanitized.replace(
+            Regex("""(Package not found for ')([^']+)('.*)""")
+        ) { "${it.groupValues[1]}***${it.groupValues[3]}" }
+        
+        // ErrorHandler: App not found
+        sanitized = sanitized.replace(
+            Regex("""(App not found: )([^\n]+)""")
+        ) { "${it.groupValues[1]}***" }
+        
+        return sanitized
+    }
 
     /**
      * Cleans up log files older than the specified number of days.
diff --git a/docs/logging-reference.md b/docs/logging-reference.md
