| 5803b79528b40adab466fbd4edf98d5c94802b53 |
|
25-Jun-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: serialize accesses to stats helpers
(cherry pick from commit ed777e9eece54bf899f1a77a83f8b702970de686)
Quick low-risk to resolve possible hash table corruption.
Resolved an unlikely path memory leak.
ToDo: replace lock with nested lock so no lock
helpers are required.
Bug: 22068332
Change-Id: I303ab06608502c7d61d42f111a9c43366f184d0c
/system/core/logd/LogAudit.cpp
|
| 66091f11f427587bf810d89b0f64be556e1cd168 |
|
13-May-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: Cleanup
(cherry pick from commit 7718778793b106498b931dd708a466cf3a6f6a0f)
- Android Coding Standard for Constructors
- Side effects NONE
Change-Id: I2cda9dd73f3ac3ab58f394015cb810820093d47b
/system/core/logd/LogAudit.cpp
|
| a1aacb71f387c91d5fe383b8aaa5b0be2ec9cd3c |
|
15-Oct-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: Add klogd
(cherry pick from commit ae4d928d816e30dbe57c2c321b0f0759d0567b3f)
- Add a klogd to collect the kernel logs and place them into a
new kernel log buffer
- Parse priority, tag and message from the kernel log messages.
- Turn off pruning for worst UID for the kernel log buffer
- Sniff for 'PM: suspend exit', 'PM: suspend enter' and
'Suspended for' messages and correct the internal definition
time correction against monotonic dynamically.
- Discern if we have monotonic or real time (delineation 1980) in
audit messages.
- perform appropriate math to correct the timestamp to be real time
- filter out any external sources of kernel logging
Change-Id: I8d4c7c5ac19f1f3218079ee3a05a50e2ca55f60d
/system/core/logd/LogAudit.cpp
|
| 202e153f94a0957185ae4b4bed4c5356513e4322 |
|
09-Feb-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: propagate ::log status
Add a return value for the ::log() methods, this allows
us to optimize the wakeup for the readers to only occur
when the log message is actually placed.
This is for a future where we may dedupe identical log
messages, filter out log messages, and certainly if we
filter the messages out with an internal logd check of
__android_log_is_loggable().
Change-Id: I763b2a7c29502ab7fa0a5d5022c7b60244fcfde4
/system/core/logd/LogAudit.cpp
|
| 56c6575da72653c3ffd79baf1b431574d6f7e1ea |
|
15-Apr-2015 |
Mark Salyzyn <salyzyn@google.com> |
Merge "logd: syscall optimization"
|
| 58ba58a97c8ec56b2c2a32d6cda19a3a57e3cccf |
|
07-Apr-2015 |
Nick Kralevich <nnk@google.com> |
logd: Don't embed a flexible array member within another struct
C (but not C++) has a concept of a flexible array member, which
is documented at https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html .
Using a flexible array member indicates that the structure is
really a header for a variable length object.
In logd's case, the variable length structure android_event_string_t
was embedded within another structure called
android_log_event_string_t. This makes gcc's __builtin_object_size()
function really confused. When compiling with C++,
__builtin_object_size(android_log_event_string_t.payload.data, 1)
would return 0, whereas if you compiled the code with C, the same
call would (properly) return -1.
Code which does automatic bounds checking, such as the proposed
patch at https://android-review.googlesource.com/145411 , will
cause problems for logd if this syntax is used.
Don't try to embed a variable length structure within another
structure. This doesn't appear to be valid C nor C++, and
while it's worked, it seems problematic.
Instead, inline the structure so it's one big happy structure.
Change-Id: I8ac02b7142a4f6560f5f80df2effcf720f9896fc
/system/core/logd/LogAudit.cpp
|
| e3aeeeeccc260c29ca5907a444f8d746bcc2f8a5 |
|
17-Mar-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: syscall optimization
- prset(PR_SET_NAME) call once
- No need to call getuid(), should be AID_LOGD
Change-Id: I4dde0b178bc84e711b355cd7677b0dbf905a0634
/system/core/logd/LogAudit.cpp
|
| ccbadc6be015553357a4c50de48dea46cb1adcba |
|
12-Mar-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: report reinit
Bug: 19681572
Change-Id: I343b9d108f064f87df79512a0fdf1b35513c3136
/system/core/logd/LogAudit.cpp
|
| 29eb57066c37bf667a56bb4a7143b50664d5eb44 |
|
04-Mar-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: use <endian.h>
Change-Id: Iba843c054ea4fbe1a26c7821b5613fdb5e8001a1
/system/core/logd/LogAudit.cpp
|
| eb06de716b4f33e9fdb1c41f0cce61084545bfd5 |
|
13-Oct-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd remove logDmesg method
- logDmesg method consumes considerable memory
resources (typically 128KB depending on kernel)
- In the future (eg: klogd, syslogd) there may be need to
feed multiple logs or threads with the retrieved data.
- By moving the actions of logDmesg into the mainline that
instantiates the thread objects, we can leverage a single
allocation of the the kernel log allocation.
- logDmesg (private) is replaced with log (public) which
has a more useful and descriptive purpose for the class.
Change-Id: Ie2dd0370661493c1e596a7e486904a0e8caab9ff
/system/core/logd/LogAudit.cpp
|
| c234a1b879d9c9d8e1a797c5dcf3098249945748 |
|
19-Nov-2014 |
Nick Kralevich <nnk@google.com> |
logd: throttle SELinux denials to 20/sec
Impose a limit of 20 selinux denials per second. Denials beyond
that point don't add any value, and have the potential to cause
crashes or denial of service attacks.
Do some other misc cleanup while I'm here.
Bug: 18341932
Change-Id: I6125d629ae4d6ae131d2e53bfa41e1f50277d402
/system/core/logd/LogAudit.cpp
|
| 7ee2aef8e0fd8aaa601c8c17e5429fa65b22e00d |
|
28-Sep-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: report facility LOG_AUTH
Change-Id: Ie325e1b58f52b6c728d5cfd6f6b87287fcf32e10
/system/core/logd/LogAudit.cpp
|
| 6bdeee0ce6898abd3873a758c47601efcdcc1b7c |
|
19-Sep-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: kmsg priority
Change-Id: I2016fe140e2daf6c69efbd10aef205fffb931aa1
/system/core/logd/LogAudit.cpp
|
| e4369d68a255790ff0ed21ba31d3dcbb520df09d |
|
27-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: logcat: debuggerd: audit logs to events and main
- auditd spawn log copy to events and main
- logcat delete events as one of the default logs
- debuggerd do not collect events.
- squish multiple spaces
- switch from strcpy to memmove for overlapping buffers
BUG: 14626551
Change-Id: I89b30273ce931ed2b25a53ea9be48e77f4c1bbf4
/system/core/logd/LogAudit.cpp
|
| 989980c55d9a11766b8698a97ce5eef3d8cfa286 |
|
14-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: logcat: debuggerd: auditd logs to events
- auditd switch to recording logs to events log id
- logcat add events as one of the default logs
- debuggerd collect events log as well.
ToDo: debuggerd & bugreport collect intermixed logs.
BUG: 14626551
Change-Id: I958f0e729b7596748be57488a38824db5645be7b
/system/core/logd/LogAudit.cpp
|
| e0fa291e898b451dc198ed52cebac3ffefac066e |
|
29-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: add logd.auditd property
- permit us a mechanism to disable auditd
- standardize property boolean
Bug: 14275676
Change-Id: I76f245c6aee511ed44274159e0ea55915b484dda
/system/core/logd/LogAudit.cpp
|
| 8daa9af02dc0e63ce220e3fa95bf5fe4d6b7a99a |
|
28-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: add thread setname
- permits easier determination of logd thread at
fault in a stack trace from debuggerd.
Bug: 14275676
Change-Id: Iac2c523147e2bcce34ab7ddcecd02582c5fa7cc0
/system/core/logd/LogAudit.cpp
|
| e9bebd0eb1845f0c6009ce2edc5aeb47bf89e397 |
|
03-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: add logd.auditd.dmesg property
Change-Id: If4a579c2221eec99cf3f6acf59ead8c2d5230517
/system/core/logd/LogAudit.cpp
|
| 29d238d2a8e12c131a4cfbccb912e525cca6b10d |
|
08-Feb-2013 |
William Roberts <w.roberts@sta.samsung.com> |
logd: selinux auditd initial commit
Initial commit for an audit daemon that writes kernel audit
messages to the Android logger. The daemon searches dmesg
for all lines that contain "audit" and writes them. Then
receiving the messages from the netlink socket.
It also formats the messages so they are compatable with
ausearch (type=<t> <m> format)
Modified: Mark Salyzyn <salyzyn@google.com>
- do not start auditd
- merge into logd, stripping unnecessary file logging.
- Convert headers and code to support C++
- Fix bugs in libaudit
- squash timestamp (replace with 0.0) due to duplication
- squash pid due to duplication
- squash comm due to duplication
Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe
/system/core/logd/LogAudit.cpp
|