| 54c7a5f1e7a0b3ce3df2b69129aff3477d2275d2 |
|
03-Jan-2018 |
Jeff Vander Stoep <jeffv@google.com> |
LogAudit: remove dynamic rate limiter
Select a low rate-limit to cut down on logspam and resulting
performance regressions.
Functionally reverts 247d682fe1b0dd4c8f149b7f5c89c546df17873a
(logd: sepolicy dynamic rate limiting) and sets a static low
rate-limit. Before 247d682f, the limit was statically set to 20.
247d682f continued to support 20, but if sustained dropped the limit
to 5. This revert leaves us at 5 so as not to impact performance.
Test: /data/nativetest/logd-unit-tests/logd-unit-tests \
--gtest_filter=logd.sepolicy_rate_limiter
[ PASSED ] 1 test.
Bug: 71538411
Change-Id: I6c92f4ba825cc24beb8f1f1b79258fa8097c837b
/system/core/logd/libaudit.c
|
| 501c373916e292764400dbae735f44b33378400f |
|
10-Mar-2017 |
Mark Salyzyn <salyzyn@google.com> |
logd: specify clang format
Switch _all_ file's coding style to match to ease all future changes.
SideEffects: None
Test: compile
Bug: 35373582
Change-Id: I470cb17f64fa48f14aafc02f574e296bffe3a3f3
/system/core/logd/libaudit.c
|
| 247d682fe1b0dd4c8f149b7f5c89c546df17873a |
|
03-Jan-2017 |
Mark Salyzyn <salyzyn@google.com> |
logd: sepolicy dynamic rate limiting
Processing overhead for selinux violation messages is costly. We want
to deal with bursts of violations, but we have no intent of allowing
that sustained burst to go unabated as there is a cost of processing
and battery usage.
Tunables in libaudit.h are:
AUDIT_RATE_LIMIT_DEFAULT 20 /* acceptable burst rate */
AUDIT_RATE_LIMIT_BURST_DURATION 10 /* number of seconds of burst */
AUDIT_RATE_LIMIT_MAX 5 /* acceptable sustained rate */
Since we can only asymptotically handle DEFAULT rate, we set an upper
threshold of half way between the MAX and DEFAULT rate.
Default kernel audit subsystem message rate is set to 20 a second.
If sepolicy exceeds 125 violation messages over up to ten seconds
(>=~12/s), tell kernel audit subsystem to drop the rate to 5 messages
a second. If rate drops below 50 messages over the past ten seconds
(<5/s), tell kernel it is ok to increase the burst rate back to 20
messages a second.
Test: gTest logd-unit-tests --gtest_filter=logd.sepolicy_rate_limiter_*
Bug: 27878170
Change-Id: I843f8dcfbb3ecfbbe94a4865ea332c858e3be7f2
/system/core/logd/libaudit.c
|
| cfd5b080af8de527d768f0ff7902c26af8d49307 |
|
17-Oct-2016 |
Mark Salyzyn <salyzyn@google.com> |
system/core: preparation to pull back interfaces from android/log.h
Point to log/log.h where necessary, define LOG_TAG where necessary.
Accept that private/android_logger.h is suitable replacement for
log/logger.h and android/log.h.
Correct liblog/README
Effectively a cleanup and controlled select revert of
'system/core: drop or replace log/logger.h' and
'system/core: Replace log/log.h with android/log.h'.
Test: compile
Bug: 30465923
Change-Id: Ic2ad157bad6f5efe2c6af293a73bb753300b17a2
/system/core/logd/libaudit.c
|
| 0dd4431072cce3c62876b728cb20aa5b77b11a8d |
|
29-Sep-2016 |
Mark Salyzyn <salyzyn@google.com> |
logd: logcat: Replace log/log.h with android/log.h
Should use android/log.h instead of log/log.h as a good example
to all others.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: If4c9711eb57267d4707b03d54a932af9de241b13
/system/core/logd/libaudit.c
|
| 9667a66019388fb09430d3f8896ccc531eb24ef5 |
|
09-May-2015 |
Nick Kralevich <nnk@google.com> |
Revert "libaudit: limit to 5 selinux denials per sec"
The shamu instabilities continued even after throttling SELinux denials
to 5/second. 5 denials per second is too low when doing device bringup,
and there have been some complaints about lost SELinux denials. See,
for example, http://comments.gmane.org/gmane.comp.security.selinux/21941
Bring the limit back up to 20/second to prevent dropping too many
denials on the floor.
This reverts commit a15db51bbf961ff711d71c10d20e18ad2bfaef45.
Change-Id: I05e85cce0a792d05aa557fcc614c0fc019c15014
/system/core/logd/libaudit.c
|
| a15db51bbf961ff711d71c10d20e18ad2bfaef45 |
|
26-Mar-2015 |
Nick Kralevich <nnk@google.com> |
libaudit: limit to 5 selinux denials per sec
watchdog is triggering on shamu. This may be due to an excessive
number of SELinux denials. Drop the limit from 20/sec to 5/sec.
Bug: 19950451
Bug: 19949988
Change-Id: I979f11e17c241ff2ebda4dec9694ef441dc5d0ed
/system/core/logd/libaudit.c
|
| c234a1b879d9c9d8e1a797c5dcf3098249945748 |
|
19-Nov-2014 |
Nick Kralevich <nnk@google.com> |
logd: throttle SELinux denials to 20/sec
Impose a limit of 20 selinux denials per second. Denials beyond
that point don't add any value, and have the potential to cause
crashes or denial of service attacks.
Do some other misc cleanup while I'm here.
Bug: 18341932
Change-Id: I6125d629ae4d6ae131d2e53bfa41e1f50277d402
/system/core/logd/libaudit.c
|
| 29d238d2a8e12c131a4cfbccb912e525cca6b10d |
|
08-Feb-2013 |
William Roberts <w.roberts@sta.samsung.com> |
logd: selinux auditd initial commit
Initial commit for an audit daemon that writes kernel audit
messages to the Android logger. The daemon searches dmesg
for all lines that contain "audit" and writes them. Then
receiving the messages from the netlink socket.
It also formats the messages so they are compatable with
ausearch (type=<t> <m> format)
Modified: Mark Salyzyn <salyzyn@google.com>
- do not start auditd
- merge into logd, stripping unnecessary file logging.
- Convert headers and code to support C++
- Fix bugs in libaudit
- squash timestamp (replace with 0.0) due to duplication
- squash pid due to duplication
- squash comm due to duplication
Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe
/system/core/logd/libaudit.c
|