History log of /system/core/logd/LogAudit.cpp
Revision Date Author Comments
a742d1027784a54c535cff69b375a9f560893155 14-Jun-2016 Sami Tolvanen <samitolvanen@google.com> Revert "logd: enforce policy integrity"

This reverts commit 0bdad0f231103db89f2c0931616dd78309258d3b.

Bug: 26902605
Change-Id: I6ce8fa7bef63c45821628265c379970eb64963a2
/system/core/logd/LogAudit.cpp
89e0429ce7ca39715fcdf950bf553ffe08a51b92 29-Feb-2016 Sami Tolvanen <samitolvanen@google.com> logd: stop log spam when integrity enforcement is suppressed

Bug: 27389331
Change-Id: I9f3bc21eb1b85b9fda4fa0a5c5b4da94e5e7cc1c
(cherry pick from commit abda9340e68d71c708e0ccd81909061b5162f065)
/system/core/logd/LogAudit.cpp
99fb01e42a184fa8a206c84be12b7e34cc2947bb 27-Feb-2016 Nick Kralevich <nnk@google.com> Revert "logd: Don't trigger an integrity failure on permissive SELinux denials"

external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b
ensures that no permissive domains can be on user builds, and
external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f
re-enables enforcing mode on cameraserver.

The conditions which lead to the integrity failure detection
triggering can no longer occur. Revert the patch which relaxed
the detection.

This reverts commit 33ee84f87115f1e0a2a3a6bf61dc89b97a96daa2.

Bug: 27313768
Bug: 26902605
Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
/system/core/logd/LogAudit.cpp
33ee84f87115f1e0a2a3a6bf61dc89b97a96daa2 27-Feb-2016 Nick Kralevich <nnk@google.com> logd: Don't trigger an integrity failure on permissive SELinux denials

Only trigger an integrity failure if a policy is reloaded or
SELinux is disabled. Don't trigger the integrity failure if
we see a permissive=1 denial, which could occur if an SELinux
domain is in permissive mode.

Bug: 27313768
Bug: 26902605
Change-Id: Ib85a2799eb6378ae8acdb965b1812d691183fdd3
/system/core/logd/LogAudit.cpp
317bfb923c12af688d18fc9a3580dff201b2482b 23-Feb-2016 Mark Salyzyn <salyzyn@google.com> logd: Allow (some) headers to be individually importable

(cherry pick from commit 2ad0bd0a9b594bbe2560b405b0008b7bc742cfca)

LogReader.h needs to be individually importable.

Fix a few others, drop includes of local includes, let them be
included in source instead and allow headers to be included
alphabetically. Was not a complete audit since goal was to
separate LogReader.h out from the pack.

Bug: 27242723
Change-Id: Ic7759ef90995e5bd285810706af33550c73cf5b5
/system/core/logd/LogAudit.cpp
0bdad0f231103db89f2c0931616dd78309258d3b 05-Feb-2016 Sami Tolvanen <samitolvanen@google.com> logd: enforce policy integrity

If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.

This change deprecates the ro.logd.auditd property.

Needs matching changes from
I781c3059ea8d4fb2f0c923e4488b1932d69678d3
Ica825cf2af74f5624cf4091544bd24bb5482dbe7
Id3ca7889ede30b54b7af73dd50653ca1a20d59aa

Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
(cherry picked from commit d122ee65b66b5b33d51302dabbaa0d6c84597549)
/system/core/logd/LogAudit.cpp
b6bee33182cedea49199eb2252b3f3b442899c6d 08-Sep-2015 Mark Salyzyn <salyzyn@google.com> liblog: logd: support logd.timestamp = monotonic

If ro.logd.timestamp or persist.logd.timestamp are set to the value
monotonic then liblog writer, liblog printing and logd all switch to
recording/printing monotonic time rather than realtime. If reinit
detects a change for persist.logd.timestamp, correct the older entry
timestamps in place.

ToDo: A corner case condition where new log entries in monotonic time
occur before logd reinit detects persist.logd.timestamp, there
will be a few out-of-order entries, but with accurate
timestamps. This problem does not happen for ro.logd.timestamp
as it is set before logd starts.

NB: This offers a nanosecond time accuracy on all log entries
that may be more suitable for merging with other system
activities, such as systrace, that also use monotonic time. This
feature is for debugging.

Bug: 23668800
Change-Id: Iee6dab7140061b1a6627254921411f61b01aa5c2
/system/core/logd/LogAudit.cpp
758058ffd8820df71c27db7675c50a90a5fa02b4 22-Aug-2015 Mark Salyzyn <salyzyn@google.com> logd: object layer format statistics

Simplify table generation by placing the line and header formatting
into each type's (UID, PID, TID) object. Switch to const return
values for the ownership passing functions (*ToName() functions
and methods). Use longer variable names to reduce confusion.

Switch from LINES To NUM for pruned column as that more accurately
reflects what is dropped since one entry can contain several lines.

Bug: 22855208
Change-Id: Ib110dce98a68cf5f844eb30f8a192a1f691eeba2
/system/core/logd/LogAudit.cpp
ddda212faa81d62f637926680cd8163345120f71 02-Oct-2015 Mark Salyzyn <salyzyn@google.com> logd: optimize code hotspots

Discovered that we had a few libc hotspots. Adjust code to generally
reduce or nullify the number of calls to malloc, free, strlen,
strcmp, strncmp, memcmp & strncasecmp. Total gain looks to be about
3% of logd's processing time. malloc still contributes to 3%, but all
others are now total 0.5%.

Bug: 23685592
Change-Id: Ife721121667969260cdb8b055524ae90f5911278
/system/core/logd/LogAudit.cpp
151beac76d372c5c1bd71e656a6cfbd177e36509 04-Sep-2015 Mark Salyzyn <salyzyn@google.com> logd: klogd deal with nuls in dmesg

Switch to using string and length in all transactions, treating
trailing nuls the same as spaces.

ToDo: change dumpstate (bugreport) to use logcat -b printable _regardless_

Bug: 23517551
Change-Id: I42162365e6bf8ed79d356e7b689a673902116fdb
/system/core/logd/LogAudit.cpp
ed777e9eece54bf899f1a77a83f8b702970de686 25-Jun-2015 Mark Salyzyn <salyzyn@google.com> logd: serialize accesses to stats helpers

Quick low-risk to resolve possible hash table corruption.
Resolved an unlikely path memory leak.

ToDo: replace lock with nested lock so no lock
helpers are required.

Bug: 22068332
Change-Id: I303ab06608502c7d61d42f111a9c43366f184d0c
/system/core/logd/LogAudit.cpp
7718778793b106498b931dd708a466cf3a6f6a0f 13-May-2015 Mark Salyzyn <salyzyn@google.com> logd: Cleanup

- Android Coding Standard for Constructors
- Side effects NONE

Change-Id: I2cda9dd73f3ac3ab58f394015cb810820093d47b
/system/core/logd/LogAudit.cpp
ae4d928d816e30dbe57c2c321b0f0759d0567b3f 15-Oct-2014 Mark Salyzyn <salyzyn@google.com> logd: Add klogd

- Add a klogd to collect the kernel logs and place them into a
new kernel log buffer
- Parse priority, tag and message from the kernel log messages.
- Turn off pruning for worst UID for the kernel log buffer
- Sniff for 'PM: suspend exit', 'PM: suspend enter' and
'Suspended for' messages and correct the internal definition
time correction against monotonic dynamically.
- Discern if we have monotonic or real time (delineation 1980) in
audit messages.
- perform appropriate math to correct the timestamp to be real time
- filter out any external sources of kernel logging

Change-Id: I8d4c7c5ac19f1f3218079ee3a05a50e2ca55f60d
/system/core/logd/LogAudit.cpp
202e153f94a0957185ae4b4bed4c5356513e4322 09-Feb-2015 Mark Salyzyn <salyzyn@google.com> logd: propagate ::log status

Add a return value for the ::log() methods, this allows
us to optimize the wakeup for the readers to only occur
when the log message is actually placed.

This is for a future where we may dedupe identical log
messages, filter out log messages, and certainly if we
filter the messages out with an internal logd check of
__android_log_is_loggable().

Change-Id: I763b2a7c29502ab7fa0a5d5022c7b60244fcfde4
/system/core/logd/LogAudit.cpp
56c6575da72653c3ffd79baf1b431574d6f7e1ea 15-Apr-2015 Mark Salyzyn <salyzyn@google.com> Merge "logd: syscall optimization"
58ba58a97c8ec56b2c2a32d6cda19a3a57e3cccf 07-Apr-2015 Nick Kralevich <nnk@google.com> logd: Don't embed a flexible array member within another struct

C (but not C++) has a concept of a flexible array member, which
is documented at https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html .
Using a flexible array member indicates that the structure is
really a header for a variable length object.

In logd's case, the variable length structure android_event_string_t
was embedded within another structure called
android_log_event_string_t. This makes gcc's __builtin_object_size()
function really confused. When compiling with C++,
__builtin_object_size(android_log_event_string_t.payload.data, 1)
would return 0, whereas if you compiled the code with C, the same
call would (properly) return -1.

Code which does automatic bounds checking, such as the proposed
patch at https://android-review.googlesource.com/145411 , will
cause problems for logd if this syntax is used.

Don't try to embed a variable length structure within another
structure. This doesn't appear to be valid C nor C++, and
while it's worked, it seems problematic.

Instead, inline the structure so it's one big happy structure.

Change-Id: I8ac02b7142a4f6560f5f80df2effcf720f9896fc
/system/core/logd/LogAudit.cpp
e3aeeeeccc260c29ca5907a444f8d746bcc2f8a5 17-Mar-2015 Mark Salyzyn <salyzyn@google.com> logd: syscall optimization

- prset(PR_SET_NAME) call once
- No need to call getuid(), should be AID_LOGD

Change-Id: I4dde0b178bc84e711b355cd7677b0dbf905a0634
/system/core/logd/LogAudit.cpp
ccbadc6be015553357a4c50de48dea46cb1adcba 12-Mar-2015 Mark Salyzyn <salyzyn@google.com> logd: report reinit

Bug: 19681572
Change-Id: I343b9d108f064f87df79512a0fdf1b35513c3136
/system/core/logd/LogAudit.cpp
29eb57066c37bf667a56bb4a7143b50664d5eb44 04-Mar-2015 Mark Salyzyn <salyzyn@google.com> logd: use <endian.h>

Change-Id: Iba843c054ea4fbe1a26c7821b5613fdb5e8001a1
/system/core/logd/LogAudit.cpp
eb06de716b4f33e9fdb1c41f0cce61084545bfd5 13-Oct-2014 Mark Salyzyn <salyzyn@google.com> logd: auditd remove logDmesg method

- logDmesg method consumes considerable memory
resources (typically 128KB depending on kernel)
- In the future (eg: klogd, syslogd) there may be need to
feed multiple logs or threads with the retrieved data.
- By moving the actions of logDmesg into the mainline that
instantiates the thread objects, we can leverage a single
allocation of the kernel log allocation.
- logDmesg (private) is replaced with log (public) which
has a more useful and descriptive purpose for the class.

Change-Id: Ie2dd0370661493c1e596a7e486904a0e8caab9ff
/system/core/logd/LogAudit.cpp
c234a1b879d9c9d8e1a797c5dcf3098249945748 19-Nov-2014 Nick Kralevich <nnk@google.com> logd: throttle SELinux denials to 20/sec

Impose a limit of 20 selinux denials per second. Denials beyond
that point don't add any value, and have the potential to cause
crashes or denial of service attacks.

Do some other misc cleanup while I'm here.

Bug: 18341932
Change-Id: I6125d629ae4d6ae131d2e53bfa41e1f50277d402
/system/core/logd/LogAudit.cpp
7ee2aef8e0fd8aaa601c8c17e5429fa65b22e00d 28-Sep-2014 Mark Salyzyn <salyzyn@google.com> logd: auditd: report facility LOG_AUTH

Change-Id: Ie325e1b58f52b6c728d5cfd6f6b87287fcf32e10
/system/core/logd/LogAudit.cpp
6bdeee0ce6898abd3873a758c47601efcdcc1b7c 19-Sep-2014 Mark Salyzyn <salyzyn@google.com> logd: auditd: kmsg priority

Change-Id: I2016fe140e2daf6c69efbd10aef205fffb931aa1
/system/core/logd/LogAudit.cpp
e4369d68a255790ff0ed21ba31d3dcbb520df09d 27-May-2014 Mark Salyzyn <salyzyn@google.com> logd: logcat: debuggerd: audit logs to events and main

- auditd spawn log copy to events and main
- logcat delete events as one of the default logs
- debuggerd do not collect events.
- squish multiple spaces
- switch from strcpy to memmove for overlapping buffers

BUG: 14626551
Change-Id: I89b30273ce931ed2b25a53ea9be48e77f4c1bbf4
/system/core/logd/LogAudit.cpp
989980c55d9a11766b8698a97ce5eef3d8cfa286 14-May-2014 Mark Salyzyn <salyzyn@google.com> logd: logcat: debuggerd: auditd logs to events

- auditd switch to recording logs to events log id
- logcat add events as one of the default logs
- debuggerd collect events log as well.

ToDo: debuggerd & bugreport collect intermixed logs.

BUG: 14626551
Change-Id: I958f0e729b7596748be57488a38824db5645be7b
/system/core/logd/LogAudit.cpp
e0fa291e898b451dc198ed52cebac3ffefac066e 29-Apr-2014 Mark Salyzyn <salyzyn@google.com> logd: add logd.auditd property

- permit us a mechanism to disable auditd
- standardize property boolean

Bug: 14275676
Change-Id: I76f245c6aee511ed44274159e0ea55915b484dda
/system/core/logd/LogAudit.cpp
8daa9af02dc0e63ce220e3fa95bf5fe4d6b7a99a 28-Apr-2014 Mark Salyzyn <salyzyn@google.com> logd: add thread setname

- permits easier determination of logd thread at
fault in a stack trace from debuggerd.

Bug: 14275676
Change-Id: Iac2c523147e2bcce34ab7ddcecd02582c5fa7cc0
/system/core/logd/LogAudit.cpp
e9bebd0eb1845f0c6009ce2edc5aeb47bf89e397 03-Apr-2014 Mark Salyzyn <salyzyn@google.com> logd: auditd: add logd.auditd.dmesg property

Change-Id: If4a579c2221eec99cf3f6acf59ead8c2d5230517
/system/core/logd/LogAudit.cpp
29d238d2a8e12c131a4cfbccb912e525cca6b10d 08-Feb-2013 William Roberts <w.roberts@sta.samsung.com> logd: selinux auditd initial commit

Initial commit for an audit daemon that writes kernel audit
messages to the Android logger. The daemon searches dmesg
for all lines that contain "audit" and writes them. Then
receiving the messages from the netlink socket.

It also formats the messages so they are compatible with
ausearch (type=<t> <m> format)

Modified: Mark Salyzyn <salyzyn@google.com>

- do not start auditd
- merge into logd, stripping unnecessary file logging.
- Convert headers and code to support C++
- Fix bugs in libaudit
- squash timestamp (replace with 0.0) due to duplication
- squash pid due to duplication
- squash comm due to duplication

Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe
/system/core/logd/LogAudit.cpp