logd: throttle SELinux denials to 20/sec

Impose a limit of 20 selinux denials per second. Denials beyond that point don't add any value, and have the potential to cause crashes or denial of service attacks. Do some other misc cleanup while I'm here. Bug: 18341932 (cherry picked from commit c234a1b879) Change-Id: Ic5c96003db82e504baf301e87be5c8c539c73c2a
2014-11-19 13:33:22 -08:00 · 2014-11-19 13:33:22 -08:00 · 83d85563c5
commit 83d85563c5
parent 86c9e5f7e2
3 changed files with 13 additions and 22 deletions
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@ -248,7 +248,7 @@ int LogAudit::getLogSocket() {
    if (fd < 0) {
        return fd;
    }
-    if (audit_set_pid(fd, getpid(), WAIT_YES) < 0) {
+    if (audit_setup(fd, getpid()) < 0) {
        audit_close(fd);
        fd = -1;
    }
--- a/logd/libaudit.c
+++ b/logd/libaudit.c
@ -162,7 +162,7 @@ out:
    return rc;
 }

-int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
+int audit_setup(int fd, uint32_t pid)
 {
    int rc;
    struct audit_message rep;
@ -176,7 +176,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
     * and the the mask set to AUDIT_STATUS_PID
     */
    status.pid = pid;
-    status.mask = AUDIT_STATUS_PID;
+    status.mask = AUDIT_STATUS_PID | AUDIT_STATUS_RATE_LIMIT;
+    status.rate_limit = 20; // audit entries per second

    /* Let the kernel know this pid will be registering for audit events */
    rc = audit_send(fd, AUDIT_SET, &status, sizeof(status));
@ -188,24 +189,21 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
    /*
     * In a request where we need to wait for a response, wait for the message
     * and discard it. This message confirms and sync's us with the kernel.
-     * This daemon is now registered as the audit logger. Only wait if the
-     * wmode is != WAIT_NO
+     * This daemon is now registered as the audit logger.
+     *
+     * TODO
+     * If the daemon dies and restarts the message didn't come back,
+     * so I went to non-blocking and it seemed to fix the bug.
+     * Need to investigate further.
     */
-    if (wmode != WAIT_NO) {
-        /* TODO
-         * If the daemon dies and restarts the message didn't come back,
-         * so I went to non-blocking and it seemed to fix the bug.
-         * Need to investigate further.
-         */
-        audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
-    }
+    audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);

    return 0;
 }

 int audit_open()
 {
-    return socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+    return socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT);
 }

 int audit_get_reply(int fd, struct audit_message *rep, reply_t block, int peek)
--- a/logd/libaudit.h
+++ b/logd/libaudit.h
@ -37,11 +37,6 @@ typedef enum {
    GET_REPLY_NONBLOCKING
 } reply_t;

-typedef enum {
-    WAIT_NO,
-    WAIT_YES
-} rep_wait_t;
-
 /* type == AUDIT_SIGNAL_INFO */
 struct audit_sig_info {
    uid_t uid;
@ -92,12 +87,10 @@ extern int  audit_get_reply(int fd, struct audit_message *rep, reply_t block,
 *  The fd returned by a call to audit_open()
 * @param pid
 *  The pid whom to set as the reciever of audit messages
- * @param wmode
- *  Whether or not to block on the underlying socket io calls.
 * @return
 *  This function returns 0 on success, -errno on error.
 */
-extern int  audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode);
+extern int  audit_setup(int fd, uint32_t pid);

 __END_DECLS