logd: Add support for ro.logd.auditd.[main|events]

Boolean (true or false, default true) selection of logging destinations
for selinux audit messages:

ro.logd.auditd - turn on logd.auditd to pick up violations.
ro.logd.auditd.dmesg - to the kernel log.
ro.logd.auditd.main - to the "main" log buffer.
ro.logd.auditd.events - to the "events" log buffer.

We used to also read logd.auditd.dmesg and persist.logd.auditd.dmesg
which do not get refreshed when /data mounts internally.  This is a
confusing state as these properties will be read after a logd crash
and restart, adjusting the behavior of the logger.  Same can be said
for logd.auditd as well.  Drop reading these other parameters.

Test: manual set r/o parameters, stop/start logd to confirm behavior
Bug: 33969000
Bug: 27878170
Change-Id: I1a6bb4a903074c9aa7b227cf583a0094d49cbefd
Mark Salyzyn 2016-12-29 15:16:06 -08:00
parent 10a7b9bb8b
commit ce80da3018
4 changed files with 21 additions and 10 deletions


@ -47,6 +47,10 @@ LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmesg) :
logbuf(buf),
reader(reader),
fdDmesg(fdDmesg),
main(__android_logger_property_get_bool("ro.logd.auditd.main",
BOOL_DEFAULT_TRUE)),
events(__android_logger_property_get_bool("ro.logd.auditd.events",
BOOL_DEFAULT_TRUE)),
initialized(false) {
static const char auditd_message[] = { KMSG_PRIORITY(LOG_INFO),
'l', 'o', 'g', 'd', '.', 'a', 'u', 'd', 'i', 't', 'd', ':',
@ -172,6 +176,11 @@ int LogAudit::logPrint(const char *fmt, ...) {
}
}
if (!main && !events) {
free(str);
return 0;
}
pid_t pid = getpid();
pid_t tid = gettid();
uid_t uid = AID_LOGD;
@ -222,7 +231,7 @@ int LogAudit::logPrint(const char *fmt, ...) {
bool notify = false;
{ // begin scope for event buffer
if (events) { // begin scope for event buffer
uint32_t buffer[(n + sizeof(uint32_t) - 1) / sizeof(uint32_t)];
android_log_event_string_t *event
@ -277,7 +286,7 @@ int LogAudit::logPrint(const char *fmt, ...) {
size_t e = strnlen(ecomm, LOGGER_ENTRY_MAX_PAYLOAD - b);
n = b + e + l + 2;
{ // begin scope for main buffer
if (main) { // begin scope for main buffer
char newstr[n];
*newstr = info ? ANDROID_LOG_INFO : ANDROID_LOG_WARN;
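Review bot: The `// begin scope for event buffer` and `// begin scope for main buffer` comments now sit on `if (events) {` and `if (main) {`, so they describe braces that are no longer bare scopes; the comments should name the condition instead, e.g. `if (events) { // ro.logd.auditd.events: write to the "events" buffer` and `if (main) { // ro.logd.auditd.main: write to the "main" buffer`. The `if (!main && !events)` early return at the top of the second hunk would also benefit from a one-line comment such as `// neither log buffer is enabled; nothing further to do with this message`, so a reader does not mistake a deliberate drop that returns 0 for an error path (the lines preceding it are outside the hunk). logPrint begins and ends outside these hunks.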


@ -26,7 +26,9 @@ class LogReader;
class LogAudit : public SocketListener {
LogBuffer *logbuf;
LogReader *reader;
int fdDmesg;
int fdDmesg; // fdDmesg >= 0 is functionally bool dmesg
bool main;
bool events;
bool initialized;
public:
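Review bot: The new data member `main` shares its spelling with the program entry point defined in main.cpp; that is legal for a class member, but it reads ambiguously inside LogAudit's member functions (the `if (main)` test in LogAudit.cpp), and neither new flag carries a comment the way the adjusted `fdDmesg` line now does. If a rename such as `mainBuf`/`eventsBuf` is not wanted, at least document both flags: `bool main; // ro.logd.auditd.main: write to the "main" buffer` and `bool events; // ro.logd.auditd.events: write to the "events" buffer`. The class LogAudit continues beyond the hunk.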


@ -2,8 +2,9 @@ The properties that logd and friends react to are:
name type default description
ro.logd.auditd bool true Enable selinux audit daemon
ro.logd.auditd.dmesg bool true selinux audit messages duplicated and
sent on to dmesg log
ro.logd.auditd.dmesg bool true selinux audit messages sent to dmesg.
ro.logd.auditd.main bool true selinux audit messages sent to main.
ro.logd.auditd.events bool true selinux audit messages sent to events.
persist.logd.security bool false Enable security buffer.
ro.device_owner bool false Override persist.logd.security to false
ro.logd.kernel bool+ svelte+ Enable klogd daemon


@ -451,9 +451,8 @@ int main(int argc, char *argv[]) {
pthread_attr_destroy(&attr);
}
bool auditd = __android_logger_property_get_bool("logd.auditd",
BOOL_DEFAULT_TRUE |
BOOL_DEFAULT_FLAG_PERSIST);
bool auditd = __android_logger_property_get_bool("ro.logd.auditd",
BOOL_DEFAULT_TRUE);
if (drop_privs(klogd, auditd) != 0) {
return -1;
}
@ -513,8 +512,8 @@ int main(int argc, char *argv[]) {
if (auditd) {
al = new LogAudit(logBuf, reader,
__android_logger_property_get_bool(
"logd.auditd.dmesg",
BOOL_DEFAULT_TRUE | BOOL_DEFAULT_FLAG_PERSIST)
"ro.logd.auditd.dmesg",
BOOL_DEFAULT_TRUE)
? fdDmesg
: -1);
}
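Review bot: The switch to `ro.logd.auditd` at the `bool auditd =` line deserves a comment, because the read-only prefix is the fix itself and `auditd` feeds `drop_privs(klogd, auditd)` a few lines later: `// Read-only property on purpose: a logd restart after /data mounts must not change whether auditd (and whatever drop_privs retains for it) is enabled.` Without it, a later edit back to a persist.* property would silently reintroduce the restart behaviour described in the commit message. The second hunk reads `ro.logd.auditd.dmesg` here while the sibling `ro.logd.auditd.main` and `ro.logd.auditd.events` flags are read inside the LogAudit constructor; if nothing requires the fd decision to be made in main(), reading all three in one place would be easier to review. main() continues outside both hunks.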