diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp index ee2f32d24..c7c024995 100644 --- a/logd/LogAudit.cpp +++ b/logd/LogAudit.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include #include #include @@ -33,21 +32,23 @@ '0' + (LOG_AUTH | (PRI)) % 10, \ '>' -LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmsg) +LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmesg) : SocketListener(getLogSocket(), false) , logbuf(buf) , reader(reader) - , fdDmesg(-1) { + , fdDmesg(fdDmesg) + , initialized(false) { static const char auditd_message[] = { KMSG_PRIORITY(LOG_INFO), 'l', 'o', 'g', 'd', '.', 'a', 'u', 'd', 'i', 't', 'd', ':', ' ', 's', 't', 'a', 'r', 't', '\n' }; - write(fdDmsg, auditd_message, sizeof(auditd_message)); - logDmesg(); - fdDmesg = fdDmsg; + write(fdDmesg, auditd_message, sizeof(auditd_message)); } bool LogAudit::onDataAvailable(SocketClient *cli) { - prctl(PR_SET_NAME, "logd.auditd"); + if (!initialized) { + prctl(PR_SET_NAME, "logd.auditd"); + initialized = true; + } struct audit_message rep; @@ -60,7 +61,8 @@ bool LogAudit::onDataAvailable(SocketClient *cli) { return false; } - logPrint("type=%d %.*s", rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data); + logPrint("type=%d %.*s", + rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data); return true; } @@ -87,7 +89,7 @@ int LogAudit::logPrint(const char *fmt, ...) { } bool info = strstr(str, " permissive=1") || strstr(str, " policy loaded "); - if (fdDmesg >= 0) { + if ((fdDmesg >= 0) && initialized) { struct iovec iov[3]; static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) }; static const char log_warning[] = { KMSG_PRIORITY(LOG_WARNING) }; @@ -213,34 +215,23 @@ int LogAudit::logPrint(const char *fmt, ...) { return rc; } -void LogAudit::logDmesg() { - int len = klogctl(KLOG_SIZE_BUFFER, NULL, 0); - if (len <= 0) { - return; +int LogAudit::log(char *buf) { + char *audit = strstr(buf, " audit("); + if (!audit) { + return 0; } - len++; - char buf[len]; + *audit = '\0'; - int rc = klogctl(KLOG_READ_ALL, buf, len); - - buf[len - 1] = '\0'; - - for(char *tok = buf; (rc >= 0) && ((tok = strtok(tok, "\r\n"))); tok = NULL) { - char *audit = strstr(tok, " audit("); - if (!audit) { - continue; - } - - *audit++ = '\0'; - - char *type = strstr(tok, "type="); - if (type) { - rc = logPrint("%s %s", type, audit); - } else { - rc = logPrint("%s", audit); - } + int rc; + char *type = strstr(buf, "type="); + if (type) { + rc = logPrint("%s %s", type, audit + 1); + } else { + rc = logPrint("%s", audit + 1); } + *audit = ' '; + return rc; } int LogAudit::getLogSocket() { diff --git a/logd/LogAudit.h b/logd/LogAudit.h index 111030a89..f977be983 100644 --- a/logd/LogAudit.h +++ b/logd/LogAudit.h @@ -24,16 +24,17 @@ class LogAudit : public SocketListener { LogBuffer *logbuf; LogReader *reader; int fdDmesg; + bool initialized; public: LogAudit(LogBuffer *buf, LogReader *reader, int fdDmesg); + int log(char *buf); protected: virtual bool onDataAvailable(SocketClient *cli); private: static int getLogSocket(); - void logDmesg(); int logPrint(const char *fmt, ...) __attribute__ ((__format__ (__printf__, 2, 3))); }; diff --git a/logd/main.cpp b/logd/main.cpp index 54da7e3cd..946a9a0f7 100644 --- a/logd/main.cpp +++ b/logd/main.cpp @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -195,6 +196,23 @@ int main() { if (auditd) { // failure is an option ... messages are in dmesg (required by standard) LogAudit *al = new LogAudit(logBuf, reader, fdDmesg); + + int len = klogctl(KLOG_SIZE_BUFFER, NULL, 0); + if (len > 0) { + len++; + char buf[len]; + + int rc = klogctl(KLOG_READ_ALL, buf, len); + + buf[len - 1] = '\0'; + + for(char *ptr, *tok = buf; + (rc >= 0) && ((tok = strtok_r(tok, "\r\n", &ptr))); + tok = NULL) { + rc = al->log(tok); + } + } + if (al->startListener()) { delete al; close(fdDmesg);