a742d1027784a54c535cff69b375a9f560893155 |
|
14-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
Revert "logd: enforce policy integrity" This reverts commit 0bdad0f231103db89f2c0931616dd78309258d3b. Bug: 26902605 Change-Id: I6ce8fa7bef63c45821628265c379970eb64963a2
/system/core/logd/LogAudit.cpp
|
89e0429ce7ca39715fcdf950bf553ffe08a51b92 |
|
29-Feb-2016 |
Sami Tolvanen <samitolvanen@google.com> |
logd: stop log spam when integrity enforcement is suppressed Bug: 27389331 Change-Id: I9f3bc21eb1b85b9fda4fa0a5c5b4da94e5e7cc1c (cherry pick from commit abda9340e68d71c708e0ccd81909061b5162f065)
/system/core/logd/LogAudit.cpp
|
99fb01e42a184fa8a206c84be12b7e34cc2947bb |
|
27-Feb-2016 |
Nick Kralevich <nnk@google.com> |
Revert "logd: Don't trigger an integrity failure on permissive SELinux denials" external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b ensures that no permissive domains can be on user builds, and external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f re-enables enforcing mode on cameraserver. The conditions which lead to the integrity failure detection triggering can no longer occur. Revert the patch which relaxed the detection. This reverts commit 33ee84f87115f1e0a2a3a6bf61dc89b97a96daa2. Bug: 27313768 Bug: 26902605 Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
/system/core/logd/LogAudit.cpp
|
33ee84f87115f1e0a2a3a6bf61dc89b97a96daa2 |
|
27-Feb-2016 |
Nick Kralevich <nnk@google.com> |
logd: Don't trigger an integrity failure on permissive SELinux denials Only trigger an integrity failure if a policy is reloaded or SELinux is disabled. Don't trigger the integrity failure if we see a permissive=1 denial, which could occur if an SELinux domain is in permissive mode. Bug: 27313768 Bug: 26902605 Change-Id: Ib85a2799eb6378ae8acdb965b1812d691183fdd3
/system/core/logd/LogAudit.cpp
|
317bfb923c12af688d18fc9a3580dff201b2482b |
|
23-Feb-2016 |
Mark Salyzyn <salyzyn@google.com> |
logd: Allow (some) headers to be individually importable (cherry pick from commit 2ad0bd0a9b594bbe2560b405b0008b7bc742cfca) LogReader.h needs to be individually importable. Fix a few others, drop includes of local includes, let them be included in source instead and allow headers to be included alphabetically. Was not a complete audit since goal was to separate LogReader.h out from the pack. Bug: 27242723 Change-Id: Ic7759ef90995e5bd285810706af33550c73cf5b5
/system/core/logd/LogAudit.cpp
|
0bdad0f231103db89f2c0931616dd78309258d3b |
|
05-Feb-2016 |
Sami Tolvanen <samitolvanen@google.com> |
logd: enforce policy integrity If a SELinux policy change or a switch to permissive mode is detected on a user build, restart the device into safe mode, and keep it there until an OTA is applied or user data is wiped. This change deprecates the ro.logd.auditd property. Needs matching changes from I781c3059ea8d4fb2f0c923e4488b1932d69678d3 Ica825cf2af74f5624cf4091544bd24bb5482dbe7 Id3ca7889ede30b54b7af73dd50653ca1a20d59aa Bug: 26902605 Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d (cherry picked from commit d122ee65b66b5b33d51302dabbaa0d6c84597549)
/system/core/logd/LogAudit.cpp
|
b6bee33182cedea49199eb2252b3f3b442899c6d |
|
08-Sep-2015 |
Mark Salyzyn <salyzyn@google.com> |
liblog: logd: support logd.timestamp = monotonic if ro.logd.timestamp or persist.logd.timestamp are set to the value monotonic then liblog writer, liblog printing and logd all switch to recording/printing monotonic time rather than realtime. If reinit detects a change for presist.logd.timestamp, correct the older entry timestamps in place. ToDo: A corner case condition where new log entries in monotonic time occur before logd reinit detects persist.logd.timestamp, there will be a few out-of-order entries, but with accurate timestamps. This problem does not happen for ro.logd.timestamp as it is set before logd starts. NB: This offers a nano second time accuracy on all log entries that may be more suitable for merging with other system activities, such as systrace, that also use monotonic time. This feature is for debugging. Bug: 23668800 Change-Id: Iee6dab7140061b1a6627254921411f61b01aa5c2
/system/core/logd/LogAudit.cpp
|
758058ffd8820df71c27db7675c50a90a5fa02b4 |
|
22-Aug-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: object layer format statistics Simplify table generation by placing the line and header formatting into each type's (UID, PID, TID) object. Switch to const return values for the ownership passing functions (*ToName() functions and methods). Use longer variable names to reduce confusion. Switch from LINES To NUM for pruned column as that more accurately reflects what is dropped since one entry can contain several lines. Bug: 22855208 Change-Id: Ib110dce98a68cf5f844eb30f8a192a1f691eeba2
/system/core/logd/LogAudit.cpp
|
ddda212faa81d62f637926680cd8163345120f71 |
|
02-Oct-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: optimize code hotspots Discovered that we had a few libc hotspots. Adjust code to generally reduce or nullify the number of calls to malloc, free, strlen, strcmp, strncmp, memcmp & strncasecmp. Total gain looks to be about 3% of logd's processing time. malloc still contributes to 3%, but all others are now total 0.5%. Bug: 23685592 Change-Id: Ife721121667969260cdb8b055524ae90f5911278
/system/core/logd/LogAudit.cpp
|
151beac76d372c5c1bd71e656a6cfbd177e36509 |
|
04-Sep-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: klogd deal with nuls in dmesg Switch to using string and length in all transactions, treating trailing nuls the same as spaces. ToDo: change dumpstate (bugreport) to use logcat -b printable _regardless_ Bug: 23517551 Change-Id: I42162365e6bf8ed79d356e7b689a673902116fdb
/system/core/logd/LogAudit.cpp
|
ed777e9eece54bf899f1a77a83f8b702970de686 |
|
25-Jun-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: serialize accesses to stats helpers Quick low-risk to resolve possible hash table corruption. Resolved an unlikely path memory leak. ToDo: replace lock with nested lock so no lock helpers are required. Bug: 22068332 Change-Id: I303ab06608502c7d61d42f111a9c43366f184d0c
/system/core/logd/LogAudit.cpp
|
7718778793b106498b931dd708a466cf3a6f6a0f |
|
13-May-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: Cleanup - Android Coding Standard for Constructors - Side effects NONE Change-Id: I2cda9dd73f3ac3ab58f394015cb810820093d47b
/system/core/logd/LogAudit.cpp
|
ae4d928d816e30dbe57c2c321b0f0759d0567b3f |
|
15-Oct-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: Add klogd - Add a klogd to collect the kernel logs and place them into a new kernel log buffer - Parse priority, tag and message from the kernel log messages. - Turn off pruning for worst UID for the kernel log buffer - Sniff for 'PM: suspend exit', 'PM: suspend enter' and 'Suspended for' messages and correct the internal definition time correction against monotonic dynamically. - Discern if we have monotonic or real time (delineation 1980) in audit messages. - perform appropriate math to correct the timestamp to be real time - filter out any external sources of kernel logging Change-Id: I8d4c7c5ac19f1f3218079ee3a05a50e2ca55f60d
/system/core/logd/LogAudit.cpp
|
202e153f94a0957185ae4b4bed4c5356513e4322 |
|
09-Feb-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: propagate ::log status Add a return value for the ::log() methods, this allows us to optimize the wakeup for the readers to only occur when the log message is actually placed. This is for a future where we may dedupe identical log messages, filter out log messages, and certainly if we filter the messages out with an internal logd check of __android_log_is_loggable(). Change-Id: I763b2a7c29502ab7fa0a5d5022c7b60244fcfde4
/system/core/logd/LogAudit.cpp
|
56c6575da72653c3ffd79baf1b431574d6f7e1ea |
|
15-Apr-2015 |
Mark Salyzyn <salyzyn@google.com> |
Merge "logd: syscall optimization"
|
58ba58a97c8ec56b2c2a32d6cda19a3a57e3cccf |
|
07-Apr-2015 |
Nick Kralevich <nnk@google.com> |
logd: Don't embed a flexible array member within another struct C (but not C++) has a concept of a flexible array member, which is documented at https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html . Using a flexible array member indicates that the structure is really a header for a variable length object. In logd's case, the variable length structure android_event_string_t was embedded within another structure called android_log_event_string_t. This makes gcc's __builtin_object_size() function really confused. When compiling with C++, __builtin_object_size(android_log_event_string_t.payload.data, 1) would return 0, whereas if you compiled the code with C, the same call would (properly) return -1. Code which does automatic bounds checking, such as the proposed patch at https://android-review.googlesource.com/145411 , will cause problems for logd if this syntax is used. Don't try to embed a variable length structure within another structure. This doesn't appear to be valid C nor C++, and while it's worked, it seems problematic. Instead, inline the structure so it's one big happy structure. Change-Id: I8ac02b7142a4f6560f5f80df2effcf720f9896fc
/system/core/logd/LogAudit.cpp
|
e3aeeeeccc260c29ca5907a444f8d746bcc2f8a5 |
|
17-Mar-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: syscall optimization - prset(PR_SET_NAME) call once - No need to call getuid(), should be AID_LOGD Change-Id: I4dde0b178bc84e711b355cd7677b0dbf905a0634
/system/core/logd/LogAudit.cpp
|
ccbadc6be015553357a4c50de48dea46cb1adcba |
|
12-Mar-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: report reinit Bug: 19681572 Change-Id: I343b9d108f064f87df79512a0fdf1b35513c3136
/system/core/logd/LogAudit.cpp
|
29eb57066c37bf667a56bb4a7143b50664d5eb44 |
|
04-Mar-2015 |
Mark Salyzyn <salyzyn@google.com> |
logd: use <endian.h> Change-Id: Iba843c054ea4fbe1a26c7821b5613fdb5e8001a1
/system/core/logd/LogAudit.cpp
|
eb06de716b4f33e9fdb1c41f0cce61084545bfd5 |
|
13-Oct-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd remove logDmesg method - logDmesg method consumes considerable memory resources (typically 128KB depending on kernel) - In the future (eg: klogd, syslogd) there may be need to feed multiple logs or threads with the retrieved data. - By moving the actions of logDmesg into the mainline that instantiates the thread objects, we can leverage a single allocation of the the kernel log allocation. - logDmesg (private) is replaced with log (public) which has a more useful and descriptive purpose for the class. Change-Id: Ie2dd0370661493c1e596a7e486904a0e8caab9ff
/system/core/logd/LogAudit.cpp
|
c234a1b879d9c9d8e1a797c5dcf3098249945748 |
|
19-Nov-2014 |
Nick Kralevich <nnk@google.com> |
logd: throttle SELinux denials to 20/sec Impose a limit of 20 selinux denials per second. Denials beyond that point don't add any value, and have the potential to cause crashes or denial of service attacks. Do some other misc cleanup while I'm here. Bug: 18341932 Change-Id: I6125d629ae4d6ae131d2e53bfa41e1f50277d402
/system/core/logd/LogAudit.cpp
|
7ee2aef8e0fd8aaa601c8c17e5429fa65b22e00d |
|
28-Sep-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: report facility LOG_AUTH Change-Id: Ie325e1b58f52b6c728d5cfd6f6b87287fcf32e10
/system/core/logd/LogAudit.cpp
|
6bdeee0ce6898abd3873a758c47601efcdcc1b7c |
|
19-Sep-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: kmsg priority Change-Id: I2016fe140e2daf6c69efbd10aef205fffb931aa1
/system/core/logd/LogAudit.cpp
|
e4369d68a255790ff0ed21ba31d3dcbb520df09d |
|
27-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: logcat: debuggerd: audit logs to events and main - auditd spawn log copy to events and main - logcat delete events as one of the default logs - debuggerd do not collect events. - squish multiple spaces - switch from strcpy to memmove for overlapping buffers BUG: 14626551 Change-Id: I89b30273ce931ed2b25a53ea9be48e77f4c1bbf4
/system/core/logd/LogAudit.cpp
|
989980c55d9a11766b8698a97ce5eef3d8cfa286 |
|
14-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: logcat: debuggerd: auditd logs to events - auditd switch to recording logs to events log id - logcat add events as one of the default logs - debuggerd collect events log as well. ToDo: debuggerd & bugreport collect intermixed logs. BUG: 14626551 Change-Id: I958f0e729b7596748be57488a38824db5645be7b
/system/core/logd/LogAudit.cpp
|
e0fa291e898b451dc198ed52cebac3ffefac066e |
|
29-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: add logd.auditd property - permit us a mechanism to disable auditd - standardize property boolean Bug: 14275676 Change-Id: I76f245c6aee511ed44274159e0ea55915b484dda
/system/core/logd/LogAudit.cpp
|
8daa9af02dc0e63ce220e3fa95bf5fe4d6b7a99a |
|
28-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: add thread setname - permits easier determination of logd thread at fault in a stack trace from debuggerd. Bug: 14275676 Change-Id: Iac2c523147e2bcce34ab7ddcecd02582c5fa7cc0
/system/core/logd/LogAudit.cpp
|
e9bebd0eb1845f0c6009ce2edc5aeb47bf89e397 |
|
03-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: add logd.auditd.dmesg property Change-Id: If4a579c2221eec99cf3f6acf59ead8c2d5230517
/system/core/logd/LogAudit.cpp
|
29d238d2a8e12c131a4cfbccb912e525cca6b10d |
|
08-Feb-2013 |
William Roberts <w.roberts@sta.samsung.com> |
logd: selinux auditd initial commit Initial commit for an audit daemon that writes kernel audit messages to the Android logger. The daemon searches dmesg for all lines that contain "audit" and writes them. Then receiving the messages from the netlink socket. It also formats the messages so they are compatable with ausearch (type=<t> <m> format) Modified: Mark Salyzyn <salyzyn@google.com> - do not start auditd - merge into logd, stripping unnecessary file logging. - Convert headers and code to support C++ - Fix bugs in libaudit - squash timestamp (replace with 0.0) due to duplication - squash pid due to duplication - squash comm due to duplication Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe
/system/core/logd/LogAudit.cpp
|