Merge "logd: logcat: debuggerd: auditd logs to events"

2014-05-16 20:34:17 +00:00 · 2014-05-16 20:34:17 +00:00 · bc741ac212
commit bc741ac212
parent 8b2d46a5fc 989980c55d
5 changed files with 89 additions and 49 deletions
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@ -31,9 +31,10 @@

 #include <private/android_filesystem_config.h>

+#include <cutils/properties.h>
 #include <log/log.h>
 #include <log/logger.h>
-#include <cutils/properties.h>
+#include <log/logprint.h>

 #include <backtrace/Backtrace.h>
 #include <backtrace/BacktraceMap.h>
@ -459,6 +460,8 @@ static bool dump_sibling_thread_report(
 // that don't match the specified pid, and writes them to the tombstone file.
 //
 // If "tail" is set, we only print the last few lines.
+static EventTagMap* g_eventTagMap = NULL;
+
 static void dump_log_file(log_t* log, pid_t pid, const char* filename,
  unsigned int tail) {
  bool first = true;
@ -521,7 +524,28 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename,
    if (!hdr_size) {
      hdr_size = sizeof(log_entry.entry_v1);
    }
-    char* msg = (char *)log_entry.buf + hdr_size;
+    char* msg = reinterpret_cast<char*>(log_entry.buf) + hdr_size;
+
+    char timeBuf[32];
+    time_t sec = static_cast<time_t>(entry->sec);
+    struct tm tmBuf;
+    struct tm* ptm;
+    ptm = localtime_r(&sec, &tmBuf);
+    strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm);
+
+    if (log_entry.id() == LOG_ID_EVENTS) {
+      if (!g_eventTagMap) {
+        g_eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE);
+      }
+      AndroidLogEntry e;
+      char buf[512];
+      android_log_processBinaryLogBuffer(entry, &e, g_eventTagMap, buf, sizeof(buf));
+      _LOG(log, 0, "%s.%03d %5d %5d %c %-8s: %s\n",
+         timeBuf, entry->nsec / 1000000, entry->pid, entry->tid,
+         'I', e.tag, e.message);
+      continue;
+    }
+
    unsigned char prio = msg[0];
    char* tag = msg + 1;
    msg = tag + strlen(tag) + 1;
@ -534,13 +558,6 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename,

    char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?');

-    char timeBuf[32];
-    time_t sec = static_cast<time_t>(entry->sec);
-    struct tm tmBuf;
-    struct tm* ptm;
-    ptm = localtime_r(&sec, &tmBuf);
-    strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm);
-
    // Look for line breaks ('\n') and display each text line
    // on a separate line, prefixed with the header, like logcat does.
    do {
@ -565,6 +582,7 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename,
 static void dump_logs(log_t* log, pid_t pid, unsigned tail) {
  dump_log_file(log, pid, "system", tail);
  dump_log_file(log, pid, "main", tail);
+  dump_log_file(log, pid, "events", tail);
 }

 static void dump_abort_message(Backtrace* backtrace, log_t* log, uintptr_t address) {
--- a/logcat/logcat.cpp
+++ b/logcat/logcat.cpp
@ -623,20 +623,21 @@ int main(int argc, char **argv)
    }

    if (!devices) {
-        devices = new log_device_t("main", false, 'm');
+        dev = devices = new log_device_t("main", false, 'm');
        android::g_devCount = 1;
        if (android_name_to_log_id("system") == LOG_ID_SYSTEM) {
-            devices->next = new log_device_t("system", false, 's');
+            dev = dev->next = new log_device_t("system", false, 's');
            android::g_devCount++;
        }
        if (android_name_to_log_id("crash") == LOG_ID_CRASH) {
-            if (devices->next) {
-                devices->next->next = new log_device_t("crash", false, 'c');
-            } else {
-                devices->next = new log_device_t("crash", false, 'c');
-            }
+            dev = dev->next = new log_device_t("crash", false, 'c');
            android::g_devCount++;
        }
+        if (android_name_to_log_id("events") == LOG_ID_EVENTS) {
+            dev = dev->next = new log_device_t("events", true, 'e');
+            android::g_devCount++;
+            needBinary = true;
+        }
    }

    if (android::g_logRotateSizeKBytes != 0
--- a/logd/Android.mk
+++ b/logd/Android.mk
@ -17,7 +17,8 @@ LOCAL_SRC_FILES := \
    LogStatistics.cpp \
    LogWhiteBlackList.cpp \
    libaudit.c \
-    LogAudit.cpp
+    LogAudit.cpp \
+    event.logtags

 LOCAL_SHARED_LIBRARIES := \
    libsysutils \
@ -25,7 +26,7 @@ LOCAL_SHARED_LIBRARIES := \
    libcutils \
    libutils

-LOCAL_CFLAGS := -Werror
+LOCAL_CFLAGS := -Werror $(shell sed -n 's/^\([0-9]*\)[ \t]*auditd[ \t].*/-DAUDITD_LOG_TAG=\1/p' $(LOCAL_PATH)/event.logtags)

 include $(BUILD_EXECUTABLE)

--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@ -54,9 +54,6 @@ bool LogAudit::onDataAvailable(SocketClient *cli) {
    return true;
 }

-#define AUDIT_LOG_ID   LOG_ID_MAIN
-#define AUDIT_LOG_PRIO ANDROID_LOG_WARN
-
 int LogAudit::logPrint(const char *fmt, ...) {
    if (fmt == NULL) {
        return -EINVAL;
@ -115,43 +112,30 @@ int LogAudit::logPrint(const char *fmt, ...) {
        strcpy(pidptr, cp);
    }

-    static const char comm_str[] = " comm=\"";
-    char *comm = strstr(str, comm_str);
-    if (comm) {
-        cp = comm;
-        comm += sizeof(comm_str) - 1;
-        char *ecomm = strchr(comm, '"');
-        if (ecomm) {
-            *ecomm = '\0';
-        }
-        comm = strdup(comm);
-        if (ecomm) {
-            strcpy(cp, ecomm + 1);
-        }
-    } else if (pid == getpid()) {
-        pid = tid;
-        comm = strdup("auditd");
-    } else if (!(comm = logbuf->pidToName(pid))) {
-        comm = strdup("unknown");
-    }
-
-    size_t l = strlen(comm) + 1;
-    size_t n = l + strlen(str) + 2;
+    size_t n = strlen(str);
+    n += sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t);

    char *newstr = reinterpret_cast<char *>(malloc(n));
    if (!newstr) {
-        free(comm);
        free(str);
        return -ENOMEM;
    }

-    *newstr = AUDIT_LOG_PRIO;
-    strcpy(newstr + 1, comm);
-    free(comm);
-    strcpy(newstr + 1 + l, str);
+    char *msg = newstr;
+    *msg++ = AUDITD_LOG_TAG & 0xFF;
+    *msg++ = (AUDITD_LOG_TAG >> 8) & 0xFF;
+    *msg++ = (AUDITD_LOG_TAG >> 16) & 0xFF;
+    *msg++ = (AUDITD_LOG_TAG >> 24) & 0xFF;
+    *msg++ = EVENT_TYPE_STRING;
+    size_t l = n - sizeof(uint32_t) - sizeof(uint8_t) - sizeof(uint32_t);
+    *msg++ = l & 0xFF;
+    *msg++ = (l >> 8) & 0xFF;
+    *msg++ = (l >> 16) & 0xFF;
+    *msg++ = (l >> 24) & 0xFF;
+    memcpy(msg, str, l);
    free(str);

-    logbuf->log(AUDIT_LOG_ID, now, uid, pid, tid, newstr,
+    logbuf->log(LOG_ID_EVENTS, now, uid, pid, tid, newstr,
                (n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
    reader->notifyNewLog();

--- a/logd/event.logtags
+++ b/logd/event.logtags
@ -0,0 +1,36 @@
+# The entries in this file map a sparse set of log tag numbers to tag names.
+# This is installed on the device, in /system/etc, and parsed by logcat.
+#
+# Tag numbers are decimal integers, from 0 to 2^31.  (Let's leave the
+# negative values alone for now.)
+#
+# Tag names are one or more ASCII letters and numbers or underscores, i.e.
+# "[A-Z][a-z][0-9]_".  Do not include spaces or punctuation (the former
+# impacts log readability, the latter makes regex searches more annoying).
+#
+# Tag numbers and names are separated by whitespace.  Blank lines and lines
+# starting with '#' are ignored.
+#
+# Optionally, after the tag names can be put a description for the value(s)
+# of the tag. Description are in the format
+#    (<name>|data type[|data unit])
+# Multiple values are separated by commas.
+#
+# The data type is a number from the following values:
+# 1: int
+# 2: long
+# 3: string
+# 4: list
+#
+# The data unit is a number taken from the following list:
+# 1: Number of objects
+# 2: Number of bytes
+# 3: Number of milliseconds
+# 4: Number of allocations
+# 5: Id
+# 6: Percent
+# Default value for data of type int/long is 2 (bytes).
+#
+# TODO: generate ".java" and ".h" files with integer constants from this file.
+
+1003  auditd (avc|3)