From 00ed79dbae6fe837ba9a7593ce2365cd9cbfe34e Mon Sep 17 00:00:00 2001 From: Ann Priestman <apriestman@basistech.com> Date: Wed, 6 Nov 2019 10:20:04 -0500 Subject: [PATCH] Somewhat working, but changing direction --- bindings/java/jni/dataModel_SleuthkitJNI.cpp | 20 ++++++++++++++++++- bindings/java/jni/dataModel_SleuthkitJNI.h | 15 ++++++++++++-- .../org/sleuthkit/datamodel/Bundle.properties | 1 + .../org/sleuthkit/datamodel/FileSystem.java | 3 ++- .../org/sleuthkit/datamodel/SleuthkitJNI.java | 4 ++-- .../src/org/sleuthkit/datamodel/TskData.java | 3 +++ 6 files changed, 40 insertions(+), 6 deletions(-) diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp index 75ff69cb0..0384cfdc3 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp +++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp @@ -1422,13 +1422,31 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_openVolNat(JNIEnv * env, * @param fs_offset the offset in bytes to the file system */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openFsNat - (JNIEnv * env, jclass obj, jlong a_img_info, jlong fs_offset) { + (JNIEnv * env, jclass obj, jlong a_img_info, jlong fs_offset, jlong pool_block) { TSK_IMG_INFO *img_info = castImgInfo(env, a_img_info); if (img_info == 0) { //exception already set return 0; } TSK_FS_INFO *fs_info; + printf("Java_org_sleuthkit_datamodel_SleuthkitJNI_openFsNat - pool_block = %lld\n", pool_block); + fflush(stdout); + + if (pool_block > 0) { + printf(" Ok have a pool\n"); + const TSK_POOL_INFO *pool = tsk_pool_open_img_sing(img_info, fs_offset, TSK_POOL_TYPE_DETECT); + + if (pool == NULL) { + tsk_error_print(stderr); + if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) + tsk_pool_type_print(stderr); + setThrowTskCoreError(env, tsk_error_get()); + } + + printf(" Making new img_info\n"); + fflush(stdout); + img_info = pool->get_img_info(pool, pool_block); + } fs_info = tsk_fs_open_img(img_info, (TSK_OFF_T) fs_offset, 
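Review bot: In the added `if (pool == NULL)` branch, `setThrowTskCoreError(env, tsk_error_get());` is not followed by a return, so control falls through to `img_info = pool->get_img_info(pool, pool_block);` and dereferences a null pointer whenever pool detection fails. This path parses evidence images that may be damaged or malformed, so a failed open should surface as the pending Java exception rather than crash the JVM; add `return 0;` right after the `setThrowTskCoreError` call, as the `img_info == 0` guard above does. The `printf`/`fflush(stdout)` tracing should be removed before merge. The hunk also does not show the pool, or the image returned by `get_img_info`, being closed or tracked, so their ownership is worth confirming. The function body continues past the end of the hunk.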
diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h index 52a7a85a4..ad20cb8e6 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.h +++ b/bindings/java/jni/dataModel_SleuthkitJNI.h @@ -290,10 +290,10 @@ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openVolNat /* * Class: org_sleuthkit_datamodel_SleuthkitJNI * Method: openFsNat - * Signature: (JJ)J + * Signature: (JJJ)J */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openFsNat - (JNIEnv *, jclass, jlong, jlong); + (JNIEnv *, jclass, jlong, jlong, jlong); /* * Class: org_sleuthkit_datamodel_SleuthkitJNI @@ -479,3 +479,14 @@ extern "C" { } #endif #endif +/* Header for class org_sleuthkit_datamodel_SleuthkitJNI_CaseHandles */ + +#ifndef _Included_org_sleuthkit_datamodel_SleuthkitJNI_CaseHandles +#define _Included_org_sleuthkit_datamodel_SleuthkitJNI_CaseHandles +#ifdef __cplusplus +extern "C" { +#endif +#ifdef __cplusplus +} +#endif +#endif diff --git a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties index 9e0e01c75..1368c8404 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties +++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties @@ -230,6 +230,7 @@ TskData.tskFsTypeEnum.RAWautoDetect=RAW (Auto Detection) TskData.tskFsTypeEnum.ISO9660autoDetect=ISO9660 (Auto Detection) TskData.tskFsTypeEnum.HFSautoDetect=HFS (Auto Detection) TskData.tskFsTypeEnum.YAFFS2autoDetect=YAFFS2 (Auto Detection) +TskData.tskFsTypeEnum.APFSautoDetect=APFS (Auto Detection) TskData.tskFsTypeEnum.unsupported=Unsupported File System TskData.tskImgTypeEnum.autoDetect=Auto Detect TskData.tskImgTypeEnum.rawSingle=Raw Single diff --git a/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java b/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java index 8d5b8fcc8..67d23024a 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java 
+++ b/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java @@ -61,6 +61,7 @@ protected FileSystem(SleuthkitCase db, long obj_id, String name, long img_offset this.firstInum = first_inum; this.lastInum = last_inum; this.poolBlock = poolBlock; + System.out.println("%%% Created new FileSystem object with poolBlock = " + poolBlock); } @Override @@ -94,7 +95,7 @@ long getFileSystemHandle() throws TskCoreException { Content dataSource = getDataSource(); if ((dataSource != null) && (dataSource instanceof Image)) { Image image = (Image) dataSource; - filesystemHandle = SleuthkitJNI.openFs(image.getImageHandle(), imgOffset, getSleuthkitCase()); + filesystemHandle = SleuthkitJNI.openFs(image.getImageHandle(), imgOffset, poolBlock, getSleuthkitCase()); } else { throw new TskCoreException("Data Source of File System is not an image"); } diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java index 7497fc87e..94128c6fc 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java +++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java @@ -843,7 +843,7 @@ public static long openFs(long imgHandle, long fsOffset, long poolBlock, Sleuthk //return cached fsHandle = imgOffSetToFsHandle.get(combinedOffset); } else { - fsHandle = openFsNat(imgHandle, combinedOffset); + fsHandle = openFsNat(imgHandle, fsOffset, poolBlock); //cache it imgOffSetToFsHandle.put(combinedOffset, fsHandle); } 
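Review bot: The added `System.out.println("%%% Created new FileSystem object with poolBlock = " + poolBlock);` in the constructor is debug tracing that writes to stdout every time a FileSystem object is built. It should be dropped before merge, or routed through whatever logger the class already uses at a debug level, if it has one (not visible in this hunk). The constructor starts above the hunk.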
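Review bot: The handle cache in `openFs` is still keyed on `combinedOffset`, while the native call now takes `fsOffset` and `poolBlock` separately, so whether a cache hit is correct depends on how `combinedOffset` is derived, which happens above the hunk. If it is an arithmetic combination such as a sum, two different (fsOffset, poolBlock) pairs can map to the same key and the cached handle of a different file system would be returned. A comment at `imgOffSetToFsHandle.put(combinedOffset, fsHandle);` stating why the key is unique per pair, or a composite key built from both values, would settle this. `openFs` begins and ends outside the hunk.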
@@ -1670,7 +1670,7 @@ public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM at private static native long openVolNat(long vsHandle, long volId) throws TskCoreException; - private static native long openFsNat(long imgHandle, long fsId) throws TskCoreException; + private static native long openFsNat(long imgHandle, long fsId, long poolOffset) throws TskCoreException; private static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException; diff --git a/bindings/java/src/org/sleuthkit/datamodel/TskData.java b/bindings/java/src/org/sleuthkit/datamodel/TskData.java index 6c8b844ff..8e13bba34 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TskData.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TskData.java @@ -460,6 +460,8 @@ public enum TSK_FS_TYPE_ENUM { TSK_FS_TYPE_EXT4(0x00002000, "Ext4"), ///< Ext4 file system TSK_FS_TYPE_YAFFS2(0x00004000, "YAFFS2"), ///< YAFFS2 file system TSK_FS_TYPE_YAFFS2_DETECT(0x00004000, bundle.getString("TskData.tskFsTypeEnum.YAFFS2autoDetect")), ///< YAFFS2 auto detection + TSK_FS_TYPE_APFS(0x00010000, "APFS"), ///< APFS file system + TSK_FS_TYPE_APFS_DETECT(0x00010000, bundle.getString("TskData.tskFsTypeEnum.APFSautoDetect")), ///< APFS auto detection TSK_FS_TYPE_UNSUPP(0xffffffff, bundle.getString("TskData.tskFsTypeEnum.unsupported")); ///< Unsupported file system private int value; @@ -524,6 +526,7 @@ public enum TSK_IMG_TYPE_ENUM { TSK_IMG_TYPE_EWF_EWF(64, "E01"), // Expert Witness format (encase) NON-NLS TSK_IMG_TYPE_VMDK_VMDK(128, "VMDK"), // VMware Virtual Disk (VMDK) NON-NLS TSK_IMG_TYPE_VHD_VHD(256, "VHD"), // Virtual Hard Disk (VHD) image format NON-NLS + TSK_IMG_TYPE_POOL_POOL(16384, "POOL"), // Pool (internal use) NON-NLS TSK_IMG_TYPE_UNSUPP(65535, bundle.getString("TskData.tskImgTypeEnum.unknown")); // Unsupported Image Type private long imgType; -- GitLab
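Review bot: The new third parameter of `openFsNat` is declared as `poolOffset`, but the caller passes `poolBlock` and the native implementation names it `pool_block`; `fsId` likewise receives what the native side calls `fs_offset`. Declaring it as `private static native long openFsNat(long imgHandle, long fsOffset, long poolBlock) throws TskCoreException;` keeps the three layers consistent, since a block number and a byte offset are easy to confuse at a JNI boundary. A one-line comment on the declaration stating the unit of each argument would help as well.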