From 5fe88098b950f2602651061adf3a87fecd093b1b Mon Sep 17 00:00:00 2001
From: tek <tek@randhome.io>
Date: Tue, 16 Aug 2022 18:57:18 +0200
Subject: [PATCH] Improves dumpsys battery history parsing

---
 mvt/android/parsers/dumpsys.py                 | 15 +++++++++++++--
 tests/android/test_dumpsys_parser.py           | 18 +++++++++++++++++-
 .../artifacts/android_data/dumpsys_battery.txt | 11 +++++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 tests/artifacts/android_data/dumpsys_battery.txt

diff --git a/mvt/android/parsers/dumpsys.py b/mvt/android/parsers/dumpsys.py
index 61eb9d6..1302d54 100644
--- a/mvt/android/parsers/dumpsys.py
+++ b/mvt/android/parsers/dumpsys.py
@@ -169,6 +169,17 @@ def parse_dumpsys_battery_history(output: str) -> list:
                 continue
 
             package_name = service.split("/")[0]
+        elif (line.find("+top=") > 0) or (line.find("-top") > 0):
+            if line.find("+top=") > 0:
+                event = "start_top"
+                top_pos = line.find("+top=")
+            else:
+                event = "end_top"
+                top_pos = line.find("-top=")
+            colon_pos = top_pos+line[top_pos:].find(":")
+            uid = line[top_pos+5:colon_pos]
+            service = ""
+            package_name = line[colon_pos+1:].strip('"')
         else:
             continue
 
@@ -186,8 +197,8 @@ def parse_dumpsys_battery_history(output: str) -> list:
 def parse_dumpsys_dbinfo(output: str) -> list:
     results = []
 
-    rxp = re.compile(r'.*\[([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3})\].*\[Pid:\((\d+)\)\](\w+).*sql\=\"(.+?)\"') # pylint: disable=line-too-long
-    rxp_no_pid = re.compile(r'.*\[([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3})\][ ]{1}(\w+).*sql\=\"(.+?)\"') # pylint: disable=line-too-long
+    rxp = re.compile(r'.*\[([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3})\].*\[Pid:\((\d+)\)\](\w+).*sql\=\"(.+?)\"')  # pylint: disable=line-too-long
+    rxp_no_pid = re.compile(r'.*\[([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3})\][ ]{1}(\w+).*sql\=\"(.+?)\"')  # pylint: disable=line-too-long
 
     pool = None
     in_operations = False
diff --git a/tests/android/test_dumpsys_parser.py b/tests/android/test_dumpsys_parser.py
index 83d804b..e4cdea5 100644
--- a/tests/android/test_dumpsys_parser.py
+++ b/tests/android/test_dumpsys_parser.py
@@ -3,7 +3,7 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-from mvt.android.parsers.dumpsys import parse_dumpsys_appops
+from mvt.android.parsers.dumpsys import parse_dumpsys_appops, parse_dumpsys_battery_history
 
 from ..utils import get_artifact
 
@@ -26,3 +26,19 @@ class TestDumpsysParsing:
         assert res[6]["package_name"] == "com.sec.factory.camera"
         assert len(res[6]["permissions"][1]["entries"]) == 1
         assert len(res[11]["permissions"]) == 4
+
+    def test_battery_history_parsing(self):
+        file = get_artifact("android_data/dumpsys_battery.txt")
+        with open(file) as f:
+            data = f.read()
+
+        res = parse_dumpsys_battery_history(data)
+
+        assert len(res) == 5
+        assert res[0]["package_name"] == "com.samsung.android.app.reminder"
+        assert res[1]["event"] == "end_job"
+        assert res[2]["event"] == "start_top"
+        assert res[2]["uid"] == "u0a280"
+        assert res[2]["package_name"] == "com.whatsapp"
+        assert res[3]["event"] == "end_top"
+        assert res[4]["package_name"] == "com.sec.android.app.launcher"
diff --git a/tests/artifacts/android_data/dumpsys_battery.txt b/tests/artifacts/android_data/dumpsys_battery.txt
new file mode 100644
index 0000000..29568ed
--- /dev/null
+++ b/tests/artifacts/android_data/dumpsys_battery.txt
@@ -0,0 +1,11 @@
+Battery History (0% used, 2720 used of 4096KB, 31 strings using 2694):
+                    0 (19) RESET:TIME: 2022-01-04-17-30-01
+                    0 (2) 100 status=discharging health=good plug=none temp=242 volt=4302 current=0 ap_temp=24 -nr_connected -wifi_ap -otg misc_event=0x0 online=1 current_event=0x0 txshare_event=0x0 charge=3000 modemRailChargemAh=0 wifiRailChargemAh=0 +running phone_signal_strength=great +wifi_running +wifi +usb_data +ble_scan top=u0a44:"com.sec.android.app.launcher"
+                    0 (2) 100 user=0:"0"
+            +47s645ms (2) 100 +job=u0a94:"com.samsung.android.app.reminder/.data.alarmregister.RegisterAlarmJobService"
+            +47s731ms (2) 100 -job=u0a94:"com.samsung.android.app.reminder/.data.alarmregister.RegisterAlarmJobService"
+       +1h26m18s315ms (2) 095 +top=u0a280:"com.whatsapp"
+              +1h28m35s053ms (2) 095 -top=u0a280:"com.whatsapp"
+    +2d23h22m24s588ms (2) 079 +usb_data +top=u0a44:"com.sec.android.app.launcher"
+
+