Commit graph

674 commits

Author SHA1 Message Date
Tom Cherry
784a099d62 logd: don't coalesce identical log messages in the security buffer
This buffer isn't human readable and the parsers aren't set up to
handle the 'chatty' message for identical log messages.  Further, it
is a low volume buffer so there's not much in terms of memory saving
if this were enabled.

Bug: 137093665
Test: security unit tests
Change-Id: I03fce518d3308a6d9240bd29e83ff3237203fe3b
Merged-In: I03fce518d3308a6d9240bd29e83ff3237203fe3b
(cherry picked from commit 2ac86de15a)
2020-02-28 10:28:39 -08:00
Rubin Xu
7a5cbfc645 Rename ro.device_owner system property
This is renamed to ro.organization_owned to cover the extended
usage now that there is a new management mode for fully-managed
organization owned devices: organization-owned managed profile.
A device is considered fully-managed if there is a device owner
or an organization-owned managed profile.

Test: atest liblog-unit-tests
Test: atest propertyinfoserializer_tests
Bug: 148437300
Change-Id: Iaa8ea246c973732526abc1da5b307af8bce1a0af
2020-02-19 10:34:36 +00:00
Mike Ma
a7fb095207 Relax permissions on /data/misc/logd
Incidentd needs to access /data/misc/logd to get persisted logs for
debugging purposes. Relax permissions on /data/misc/logd to allow
group (log) to access the dir and read its files. Effectively change
to:
drwxr-x--- logd log /data/misc/logd
-rw-r----- logd log /data/misc/logd/logcat*

Since this dir stores the past output of logcat, anyone that can run
logcat can be granted access to this dir. Access to this dir is further
guarded by SELinux. So it is safe.

Bug: 147924172
Test: Build, flash, reboot. Verify that the files have the right
      permissions.

Change-Id: I4d2aa9d5883d1ef14411b2b3902f0ca7c641dd7e
2020-01-21 18:39:19 -08:00
Bookatz
1a9e4fa25e CtsLogdTestCases secondary_user
Marks this CTS test module as supporting secondary_user, meaning that
the tests are eligible to be run from a regular Android user other
than the system user (i.e. other than user 0).

Note that 'user' here refers to the concept of users in Android
Multiuser; it is NOT the same as a uid.

Bug: 141773058
Test: module passed with secondary_user params
 (--enable-optional-parameterization --module-parameter secondary_user)

Change-Id: Ic1c3c5f86e0178c8e3e2ec8c3d3069ecd9e580e9
2020-01-06 09:52:54 -08:00
Tom Cherry
e17b4f62df Cleanup package_string() and its users
package_string() isn't readable in its current form and a loop is
unnecessary, so let's replace that with the direct calculations.  The
new and old functions are identical in results except an edge case
where the old function incorrectly believes it needs to round up to
'10' for the size prefix, when '9' would be ok, specifically:
10\naaaaa\n\f vs 9\naaaaa\n\f.  This is true for all powers of 10.

Clean up the calling side in logcat as well.

Test: printing log statistics and prune list works
Change-Id: Ib62ab2badab59040215b130ec9e3efbc7c95af3f
2019-12-06 13:55:08 -08:00
Tom Cherry
21f16a049a logd: print a message when kicking a client or skipping entries
We're kicking logcat clients more frequently than expected, so print
this information for debugging purposes.

Bug: 144311420
Test: see these logs
Change-Id: I1570cd4b377a62c863bc26c7b3148e04c2433a9c
2019-11-15 17:38:06 -08:00
Tom Cherry
c8ef01344d Merge changes from topic "remove-legacy-logger_entry-structs"
* changes:
  liblog: document the liblog<->logd protocol format
  liblog: remove unused parts of android_log_transport_context
  Remove old logger_entry_v* formats
  liblog: disable header_abi_checker
2019-10-25 16:53:20 +00:00
Tom Cherry
441054aa1e Remove old logger_entry_v* formats
logger_entry and logger_entry_v2 were used for the kernel logger,
which we have long since deprecated.  logger_entry_v3 is the same as
logger_entry_v4 without a uid field, so it is trivially removable,
especially since we're now always providing uids in log messages.

liblog and logd already get updated in sync with each other, so we
have no reason for backwards compatibility with their format.

Test: build, unit tests
Change-Id: I27c90609f28c8d826e5614fdb3fe59bde22b5042
2019-10-24 10:53:14 -07:00
Max Spector
ace90bd945 Liblogd log fuzzer
Improvments to fuzzer for liblogd LogBuffer::log

Bug: 143107334
Test: Ran the fuzzer
Change-Id: Ibf9f21cd51ff7c0ef390a5e217be085a9a4976e0
2019-10-23 19:58:05 -07:00
Treehugger Robot
1e07245bf1 Merge "Liblogd log fuzzer" 2019-10-22 05:02:11 +00:00
Max Spector
0c9d488374 Liblogd log fuzzer
Basic fuzzer for liblogd LogBuffer::log

Bug: 143107334
Test: Ran the fuzzer
Change-Id: Ifaeef1410655cf57c58b2b78484b832dfea6333a
2019-10-21 18:26:59 -07:00
Tom Cherry
5e81aa2cf5 liblog: fixup log_id_t
1) We don't need two copies of log_id_t
2) We don't need misleading sizeof_log_id_t or typeof_log_id_t macros
3) logd should use android_log_header_t explicitly for its recv buffer
   size
4) Following on from b/129272512, we're settling that returning
   LOG_ID_MAX is an acceptable return value from
   android_name_to_log_id().

Bug: 129272512
Test: build, liblog, logcat unit tests
Change-Id: I67fb964a4a0ae9cb6e1514ca110e47e00dfcfa9a
2019-10-18 09:58:08 -07:00
Tom Cherry
64458c79cd logd: always report the UID of a log message
logd currently only reports the UID of a log message for 'privileged'
readers (those with a uid or gid of root, system, or log).  However,
UIDs are not particularly sensitive.  Much more importantly,
non-privileged readers can only see less messages from their own UID,
so this restriction is essentially a no-op, as those readers will
already know their own uid.

Test: liblog and logd unit tests
Change-Id: I9da7d15eb840ba3200128391e70d618eec79f988
2019-10-16 13:59:26 +00:00
Ashwini Oruganti
ff2723e647 Show bug_map links on user builds
bug_map data is now included on user builds.

Bug: 141695494
Test: Generated a tracked denial on a user build and verified that the
bug number shows up in the logs.

Change-Id: If2afa861acece63573973fe42d504d1d41964a4f
2019-10-04 10:36:23 -07:00
Treehugger Robot
fb897dc1f5 Merge "logd: remove logd.both test" 2019-09-25 23:16:13 +00:00
Tom Cherry
bbc489a468 logd: remove logd.both test
This test checks that kernel /dev/log* and logd do not exist and have
content in them simultaneously.  The kernel logger was removed years
ago, so that half of the test is no longer relevant.  Once that half
is removed, this test is essentially "is logd online and does it have
logs", which is already tested for in other tests, so we remove this
on entirely.

Test: logd unit tests
Change-Id: I71dff742f66fc791b7a661a363d4239363140b3f
2019-09-25 14:20:44 -07:00
Ashwini Oruganti
1d02c2addc Update auditParse to not prepend "b/" to bug IDs
Instead, the bug_map entries will now include the b/ prefix. This will
allow arbitrary URLs to be added as well to SELinux denial messages

Bug: 141014771
Test: Generated a denial, verified that the bug id in the dmesg logs
remains unchanged.

Change-Id: I4679117abdc2e13af81336b0b7fd8d69def80147
2019-09-23 14:26:34 -07:00
Tom Cherry
be0f4abfaf logd: Allow setDropped() to be called on already dropped messages
rprichard@ pointed out a bug where LogBufferElement::setDropped()
reallocates mMsg to the size of mMsgLen in the case where getTag() !=
0.  However, mMsgLen is in a union with mDroppedCount and
mDroppedCount is the value used when a message is already dropped.
Therefore, it's possible that logd uses the wrong value and allocates
much more memory than intended.

We do call setDropped() on elements that have already been dropped in
LogBufferElementLast::coalesce(), so this is not a superfluous issue.

To simplify this even more, this code puts an mTag in a union with
mMsg, such that if mDropped is true, there will never be an allocated
message; mTag will be directly referred to instead.  This also reduces
the number of allocations needed very slightly.

Test: logd/liblog/logcat unit tests.
Change-Id: Ia1bfba076439fe31c745a243283d41902bca45ac
2019-08-23 14:58:14 -07:00
Tom Cherry
3096818c8e Revert "Modularize logd."
logd isn't meant to be modularized.  The previous user was using a
small subset of LogListener.cpp, which is now copied into their
project.

Test: liblog, logd unit tests

This reverts commit fafea32468.

Change-Id: I05ec764db2d9395f2d5b69a1a610c9c55240ab3a
2019-06-28 14:16:13 -07:00
Tom Cherry
40da03b742 Revert "logd: validate and fill in socket credentials"
We don't want to fake socket credentials if they were not provided by
the kernel.  If there is a bug preventing us from reading the
credentials then it must be solved directly.

Test: logd, liblog unit tests
Test: boot and ensure overflow uid doesn't show up

This reverts commit c4e4823b00.

Change-Id: I683129a8a214637635f163ae25c39bb8a47cd50f
2019-06-28 14:16:00 -07:00
Xu YiPing
998fca5795 Avoid get same timestamps in log testcase
for arm64, userspace get time by vDSO, no syscall overhead.
multiple_test_2 sometimes get 2 same timestamps now, then testcase
fails.

Bug: b/135555666
Test: ./CtsLogdTestCases64 --gtest_filter=*multiple_test*
2019-06-19 16:38:33 +08:00
Tom Cherry
36f5399341 logd: handle uidToName() directly
uidToName() originally used a separate worker thread with additional
group permissions.  Threads are not security boundaries however, so
these group permissions are removed in a previous change.

This change handles the lookup for uidToName() directly without using
a separate thread.

Test: boot CF, logd unit tests
Change-Id: If245388bc221bc77102a0bbcee82c8f42b140760
2019-06-07 11:39:24 -07:00
Tom Cherry
0b2a011cc4 logd: don't drop user/groups/capabilities/priority in drop_privs()
On Android, unlike POSIX, groups and capabilities are able to be set
per thread.  This is useless however, since threads are not a security
boundary.  This change drops the logic to set groups and capabilities
per thread and instead leaves all threads running with the initial
user and groups.

This does still drop some capabilities if they're unneeded due to
features being disabled.

This also moves the setpriority() call from code into the init script.

Test: logd runs with the expected user/groups and with the expected
      capabilities and priority without any errors

Change-Id: Ibb0e529ea1574a2b8ec391a2678504ca9fbe19be
2019-06-07 15:52:27 +00:00
Tian, Baofeng
00813a585a Logcatd: Add new properties control logcat file size and file count.
Logcatd has capability to output logs to filesystem with certain size
and certain file count, however file size is not configurable, fixed
as 1024 kbytes, file count is configurable, but original property
name didn't match the logcat parameter well.
This patch add interface rotate_kbytes and count into logcatd.rc.
rotate_kbytes used to control each logcat file size.
count is another alias for logd.logpersistd.size to control file number.

Bug: 133362078
Test: Can use logcat -r -n with configures

Change-Id: I9954c9c125a4ab4e49310986f81c734bf8ee96b3
Signed-off-by: Tian, Baofeng <baofeng.tian@intel.com>
Signed-off-by: Duan, YayongX <yayongx.duan@intel.com>
2019-05-24 07:23:22 +00:00
dimitry
bf613b4ce4 Link libselinux/utils/base statically
CTS tests are not supposed to link against platform-private
libraries. As it is this test put an implicit requirement on
having libselinux.so in system image. Which is not intended.

Link statically against listed libraries to avoid such unintended
dependencies.

Test: make
Change-Id: I47a5b032000ee2c1ff764d6cc57683343851a07f
2019-05-15 12:40:33 +02:00
Nick Kralevich
512a7bfd83 logd: remove SELinux dup handling
Remove the code which attempts to collapse multiple similar SELinux
denials into one denial. SELinux logs are already rate throttled by the
kernel
(https://android-review.googlesource.com/c/platform/system/core/+/941357
for example), so additional filtering here only adds complexity and may
result in SELinux denials being inappropriately suppressed or dropped.

Bug: 118815957
Test: atest logd-unit-tests
Change-Id: I611fa43dc56c99aa992aad002c16c742e6034e5c
2019-04-24 13:32:58 -07:00
Nick Kralevich
be5e446791 introduce auditctl and use it to configure SELinux throttling
In an effort to ensure that our development community does not
introduce new code without corresponding SELinux changes, Android
closely monitors the number of SELinux denials which occur during
boot. This monitoring occurs both in treehugger, as well as various
dashboards. If SELinux denials are dropped during early boot, this
could result in non-determinism for the various SELinux treehugger
tests.

Introduce /system/bin/auditctl. This tool, model after
https://linux.die.net/man/8/auditctl , allows for configuring the
throttling rate for the kernel auditing system.

Remove any throttling from early boot. This will hopefully reduce
treehugger flakiness by making denial generation more predictible
during early boot.

Reapply the throttling at boot complete, to avoid denial of service
attacks against the auditing subsystem.

Delete pre-existing unittests for logd / SELinux integration. It's
intended that all throttling decisions be made in the kernel, and
shouldn't be a concern of logd.

Bug: 118815957
Test: Perform an operation which generates lots of SELinux denials,
      and count how many occur before and after the time period.
Change-Id: I6c787dbdd4a28208dc854b543e1727ae92e5eeed
2019-04-09 13:19:08 -07:00
Tom Cherry
3882b509b4 Actually add right instant app boilerplate.
Bug: 123366871
Test: treehugger
Change-Id: Id3d01396efe6afb69dea0e59dd6e1040ba82a1fd
2019-01-29 17:12:35 -08:00
Tom Cherry
d722fbf4b0 Add "instant app" boilerplate.
Bug: 123366871
Test: treehugger
Change-Id: I2963aea53ae96651854bbbcb8e411add5183e523
2019-01-29 08:53:01 -08:00
Treehugger Robot
4830ba0fd1 Merge "Convert Android.mk file to Android.bp" 2019-01-25 18:17:54 +00:00
Tri Vo
6600f978a4 Merge "Read selinux_denial_metadata from /vendor" 2019-01-25 17:51:48 +00:00
Suren Baghdasaryan
9491078300 DO NOT MERGE: Revert "Revert "Add dependencies on libprocessgroup for sched_policy users""
This reverts commit 1bef8c550c.

Reason for revert: AOSP is fixed with new vendor image

Change-Id: Ib341ac80e2f88c13a7815a490ea2d9422ebdf55f
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-01-25 16:49:18 +00:00
Sasha Smundak
3a62fc44e8 Convert Android.mk file to Android.bp
See build/soong/README.md for more information.

Bug: 122332380
Test: treehugger
Change-Id: I39a69c722922cfb19059d10ff37132442f0337ba
2019-01-24 21:16:39 -08:00
Suren Baghdasaryan
1bef8c550c DO NOT MERGE: Revert "Add dependencies on libprocessgroup for sched_policy users"
This reverts commit 02843339f9.

Reason for revert: Broke AOSP

Change-Id: I62f91c0adf440b5da0a145862b04dd27a7016faf
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-01-23 20:43:28 -08:00
Tri Vo
57b2e8cd01 Read selinux_denial_metadata from /vendor
selinux_denial_metadata contains device-specific information, so it is
being moved to /vendor.

Bug: 5159394
Test: bug information is still preserved in avc logs, e.g.
audit(0.0:248): avc: denied { read } for
name="u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=18012
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=0
b/79617173 app=com.android.systemui
Change-Id: I23293e715b5d793a54466a128ccd57f44370cf5a
2019-01-23 09:58:37 -08:00
Suren Baghdasaryan
02843339f9 Add dependencies on libprocessgroup for sched_policy users
After moving sched_policy functions into libprocessgroup its users require
additional dependency and inclusion of sched_policy_ctrl.h header.

Exempt-From-Owner-Approval: janitorial

Bug: 111307099
Test: builds, boots

Merged-In: Icc052080e1bce46ce06f7264446950cab0490a95
Change-Id: Icc052080e1bce46ce06f7264446950cab0490a95
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-01-22 18:19:45 +00:00
Dan Willemsen
ceaf4e76e5 Remove LOCAL_MODULE_TAGS := debug
It's replaced with entries in PRODUCT_PACKAGES_DEBUG in
build/make/target/product/base_system.mk

Test: treehugger
Change-Id: I4dc69c34ddc2c494fc74bc4afee6efa240c9b0d3
2019-01-18 15:16:50 -08:00
Tom Cherry
9e12433760 Statically link liblog to logd/logcat and their tests
logd/logcat use more symbols than the rest of the platform, so let's
statically link them for now while we understand the API that the
platform overall uses.

Test: build
Change-Id: I21ae1bd3ff9b310f099612fbe790f769712661df
2019-01-17 11:37:22 -08:00
Tom Cherry
065854748e Merge "Remove __android_log_event_list and the reader aspect of android_log_event_list" 2019-01-17 17:18:10 +00:00
Bernie Innocenti
804e7d8c4f Fix clang-tidy warnings in log_time.h
- Zero initialize log_time instances by default
 - Disable implicit conversions by making constructors explicit
 - Explicitly initialize to EPOCH in most places
 - Change sniffTime() to avoid in-place modification of a log_time

I stopped here, but we could consider following up with a more invasive
change to make log_time instances immutable and perhaps also remove the
default constructor to force explicit initialization to EPOCH.

Test: atest libbase_test netd_unit_test
Change-Id: I67e716ef74adaaf40ab2c6e2e0dddb8d309bc7ca
2019-01-17 14:45:19 +09:00
Tom Cherry
c2ea6e7c39 Remove __android_log_event_list and the reader aspect of android_log_event_list
One user of each, dubious API, remove it while we work on a new one.

Test: build
Change-Id: If422246226addaf873dc2af32553fad3a5182089
2019-01-16 15:35:20 -08:00
Tom Cherry
df8063d045 logd: use .clang-format-4 like the rest of system/core
Test: n/a
Change-Id: I9ad125247f502edb4462817417624c2f527d7870
2019-01-16 15:20:15 -08:00
Tom Cherry
c02d05dc1c Merge "logd: improve logd prune" 2018-12-21 16:20:14 +00:00
Jintao Zhu
d3987a9624 logd: improve logd prune
upon memory usage high(>log_buffer_size), logd will try to prune(erase) all those old log elements which have been read by all readers for reclaiming the memory.  As such, a too slow reader will be a hinder to the success of the prune.  Logd has to try to kick-out the slow-est reader when memory usage is really too high(>2 * log_buffer_size).  But the kick-out operation is just a request to the reader and at what time the reader will exit is always uncertain, beyond control.  Furthermore, if you kick-out reader-A, waiting for A to exit; then, another reader-B may come in; then A exit; and then you kick-out-B, waiting for B to exit; and then, ...loop for ever: yes, logd may find that there seems to be always a slow reader hinder its pruning.  As we all know, that, logd will probably kick-out a slow reader(logcat), hence, indeed, almost all log capturing tools will try to re-connect logd immediately after it being kick-out-ed.  Such retry makes the issue easy to happen.  And, we observed that the reader thread may often be blocked by socket write operation, which hindering its exiting and hereby hindering the prune progress.  We need gracefully shutdown socket to relieve it from blocking and eventually stop such disaster from happening.

Test: monkey test for one day and one night

Change-Id: I5496ff74168b71e261914b91c145aa44814a5def
2018-12-20 23:35:54 +08:00
Jintao Zhu
245fb369b1 improve LogBufferElement copy constructor
LogBufferElement copy constructor supported only partial function.

Solution: handle all cases.

Test: unit test for calling the copy constructor with all possible states.
Change-Id: I55091569d98eb35a09b4c3fc068836ecd256558c
2018-12-19 22:20:12 +08:00
Dan Austin
b43eb943ae Fix null pointer dereference in auditParse
There is an issue in LogAudit::auditParse where
android::uidToName(uid) crashes with a null pointer dereference.
Include a null check on the value before passing it on.

Bug: 120043607
Test: End-to-end test with syzkaller as per instructions in bug.
Change-Id: Ic0ac5c3003fcd289ec156ce63fbd668413763429
2018-11-27 14:01:29 -08:00
Jintao_Zhu
5f93072db3 logd: fix memory leak due to slow reader
Kernel panic - not syncing: Out of memory occurred once after 8 hours
automatic test which cases are about Summary:logd memory leak UTResult
: 1/1

IssueID: 93440

Rootcause: the method "LogTimeEntry::FilterSecondPass"(called inside
"LogBuffer::flushTo") does not check the condition flag
"LogTimeEntry::mRelease" which will be set to true when "logd" begins
to kick off a client when it finding the client is slow-est.
Therefore the client cannot be kicked off and hence the log-element
list becomes longer and longer if the slowest client reading more
slower than the writer writing.

Change-Id: I91a44a393e63b3122c15ce269ee195e0eb4339e8
Solution: add the check.
Test: logd kills slow reader
2018-11-12 10:24:15 -08:00
Dan Willemsen
3e963f9df7 Convert more modules to Android.bp
Test: cd system/core; mma
Test: check for mkbootfs in build artifacts
Test: out/host/linux-x86/nativetest64/libcrypto_utils_test/libcrypto_utils_test
Test: out/host/linux-x86/nativetest64/libnativebridge-tests/*_test
Change-Id: I71141bd85f052d5d86763a8b79b219cc4c46aafb
2018-10-31 21:53:37 -07:00
Tom Cherry
e2d30d14d0 logd: clear timeout if no start time is given
This code was accidentally deleted in the refactoring of
4f22786cc9 cause the
logd.timeout_no_start test to start failing.

Bug: 117942520
Test: logd unit tests
Change-Id: Id7994230a89d7f8c2cb1f36a8ca1175a6b398de0
2018-10-19 13:51:35 -07:00
Tom Cherry
4f22786cc9 logd: rework logic for LogTimeEntry
LogTimeEntry's lifecycle is spread out in various locations.  It
further seems incomplete as there is logic that assumes that its
associated thread can exit while the underlying LogTimeEntry remains
valid, however it doesn't appear that that is actually a supported
situation.

This change simplifies this logic to have only one valid state for a
LogTimeEntry: it must have its thread running and be present in
LastLogTimes.  A LogTimeEntry will never be placed into LastLogTimes
unless its thread is running and its thread will remove its associated
LogTimeEntry from LastLogTimes before it has exited.

This admittedly breaks situations where a blocking socket gets issued
multiple commands with different pid filters, tail lines, etc,
however, I'm reasonably sure that these situations were already
broken.  A check is added to close the socket in this case.

Test: multiple logcat instances work, logd.reader.per's are cleaned up
Change-Id: Ibe8651e7d530c5e9a8d6ce3150cd247982887cbe
2018-10-12 18:28:59 -07:00