Commit graph

26 commits

Author SHA1 Message Date
Sami Tolvanen
d122ee65b6 logd: enforce policy integrity
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.

This change deprecates the ro.logd.auditd property.

Needs matching changes from
  I781c3059ea8d4fb2f0c923e4488b1932d69678d3
  Ica825cf2af74f5624cf4091544bd24bb5482dbe7
  Id3ca7889ede30b54b7af73dd50653ca1a20d59aa

Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
2016-02-16 12:54:54 -08:00
Mark Salyzyn
0ee8de3c2d Revert "logd: liblog: whitelist "snet_event_log""
Callers will not guarantee that they can or will ratelimit, we need to
retain the ability to blacklist snet_event_log as a result.

This reverts commit 6aa21b225d.

Bug: 26178938
Change-Id: Ibf47d2e23a84c56f5f72d02312c698df7ff2b601
2016-01-06 21:19:23 +00:00
Mark Salyzyn
6aa21b225d logd: liblog: whitelist "snet_event_log"
Dangerous bridge to cross to whitelist, who is special, who is not?
Rationalized as these events are used to catch exploits on platform.
As it stands no one should be allowed to block any messages in the
security context, not even for development purposes.

Bug: 26178938
Change-Id: Ibdc76bc0fe29ba05be168b623af1c9f41d7edbd2
2015-12-30 10:07:19 -08:00
Andreas Gampe
f5852ce11b Logd: Fix missing include of rc file
This went missing in commit aeca97ba1c.

Change-Id: I9d7e48a2ffb1649f3fa515a9d12d5fbdd2ed58b7
2015-10-22 20:36:53 -07:00
William Roberts
aeca97ba1c logd: use libpackageparser
Switch from the internal packages.list file parser
implementation to a common parser library.

Change-Id: I87a406802f95d8e7bfd8ee85f723f80e9e6b6c0c
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-14 20:22:44 -07:00
Mark Salyzyn
8c943b6dc8 logpersist: bundle with logcatd service
Bug: 23186545
Change-Id: I130d7c7e120acb372e58aec028f39e161d53628e
2015-09-21 13:53:01 -07:00
Tom Cherry
ff5be396d7 Merge changes from topic 'init-rc-breakup'
* changes:
  init: Queue Triggers instead of Actions
  bundle init.rc contents with its service
2015-08-21 17:42:29 +00:00
Tom Cherry
20391b1de5 bundle init.rc contents with its service
Bug: 23186545
Change-Id: I52616b8ab1165fdef716f9b8f958665f2308c12e
2015-08-21 10:14:43 -07:00
Mark Salyzyn
decbcd9c41 logd: statistics switch to std::string
Bug: 23350706
Change-Id: I5564898c4f67b8fcc43cee64604855f789409482
2015-08-20 10:25:57 -07:00
Mark Salyzyn
b332f1c427 logd: white and black switch to std::string
Bug: 23350706
Change-Id: I92f21aee0a9702f63e8465851d0f35007b0469a7
2015-08-20 10:25:57 -07:00
Mark Salyzyn
100658c303 init.rc: logd: Add logpersistd (nee logcatd)
- logpersistd is defined as a thread or process in the context of the
  logd domain. Here we define logpersistd as logcat -f in logd domain
  and call it logcatd to represent its service mechanics.
- Use logcatd to manage content in /data/misc/logd/ directory.
- Only turn on for persist.logd.logpersistd = logcatd.
- Add logpersist.start, logpersist.stop and logpersist.cat debug
  class executables, thus only in the eng and userdebug builds.

ToDo: Wish to add Developer Options menu to turn this feature on or
off, complicated by the fact that user builds have no tools with
access rights to /data/misc/logd.

Bug: 19608716
Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
2015-06-02 15:17:59 -07:00
Mark Salyzyn
ae4d928d81 logd: Add klogd
- Add a klogd to collect the kernel logs and place them into a
  new kernel log buffer
- Parse priority, tag and message from the kernel log messages.
- Turn off pruning for worst UID for the kernel log buffer
- Sniff for 'PM: suspend exit', 'PM: suspend enter' and
  'Suspended for' messages and correct the internal definition
  time correction against monotonic dynamically.
- Discern if we have monotonic or real time (delineation 1980) in
  audit messages.
- perform appropriate math to correct the timestamp to be real time
- filter out any external sources of kernel logging

Change-Id: I8d4c7c5ac19f1f3218079ee3a05a50e2ca55f60d
2015-05-12 15:51:46 -07:00
Mark Salyzyn
ab0dcf6828 logd: annotate worst-UID pruned entries
- internal dropped entries are associated by prune by worst UID
  and are applied by UID and by PID
- track dropped entries by rewriting them in place
- merge similar dropped entries together for same UID(implied),
  PID and TID so that blame can more clearly be placed
- allow aging of dropped entries by the general backgound pruning
- report individual dropped entries formatted to reader
- add statistics to track dropped entries by UID, the combination
  of statistics and dropped logging can track over-the-top Chattiest
  clients.

Bug: 19608965
Change-Id: Ibc68480df0c69c55703270cd70c6b26aea165853
2015-04-10 15:45:08 -07:00
Mark Salyzyn
95b467888c logd: build cleanup
- Hard code the "auditd" event tag

Change-Id: I5f76fd286628be5c0ca819e8ed775648c0d2fa44
2015-03-09 10:02:51 -07:00
Mark Salyzyn
989980c55d logd: logcat: debuggerd: auditd logs to events
- auditd switch to recording logs to events log id
- logcat add events as one of the default logs
- debuggerd collect events log as well.

ToDo: debuggerd & bugreport collect intermixed logs.

BUG: 14626551
Change-Id: I958f0e729b7596748be57488a38824db5645be7b
2014-05-15 08:50:50 -07:00
Mark Salyzyn
c61895ac3a logd: turn on -Werror
- Deal with some -Wunused / -Wunused-variable issues

Change-Id: Ic86cd7b0680868ad0536198b71a34cb19134fc21
2014-05-02 14:16:00 -07:00
Mark Salyzyn
d3ba665020 logd: Add logd_test
* Test statistics output, all four main log id types
  are checked to be present, and output is properly
  formatted with header (ascii new-line terminated
  byte count) and trailer (newline formfeed) frames.
* On dev build test dgram_qlen, circumvent if
  liblog benchmarks executed first though.
* Test if kernel and user space loggers are
  present, and if any content has leaked to both.
* test benchmark and use it to verify worst UID pruning

Change-Id: I890c89f64825956f40108de806ed750b0170ac6c
2014-04-15 10:21:57 -07:00
Mark Salyzyn
472e04f2b4 Merge "logd: liblog: logcat: enable prune features for user" 2014-04-09 23:33:28 +00:00
William Roberts
29d238d2a8 logd: selinux auditd initial commit
Initial commit for an audit daemon that writes kernel audit
messages to the Android logger. The daemon searches dmesg
for all lines that contain "audit" and writes them. Then
receiving the messages from the netlink socket.

It also formats the messages so they are compatable with
ausearch (type=<t> <m> format)

Modified: Mark Salyzyn <salyzyn@google.com>

- do not start auditd
- merge into logd, stripping unnecessary file logging.
- Convert headers and code to support C++
- Fix bugs in libaudit
- squash timestamp (replace with 0.0) due to duplication
- squash pid due to duplication
- squash comm due to duplication

Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe
2014-04-07 10:51:00 -07:00
Mark Salyzyn
1c95047939 logd: liblog: logcat: enable prune features for user
- Enable whitelist, blacklist and logsize tuneables for user

Change-Id: Id0c283844c71c5263a8cfbebf2e550f7ac415858
2014-04-02 13:12:04 -07:00
Mark Salyzyn
dfa7a07f5b logd: liblog: logcat: Add LogWhiteBlackList
- liblog android_logger_get_log_size and android_logger_get_readable_size
  adjusted to return long instead of int because of -G flag extending range

NB: ifdef'd only for userdebug and eng builds

- liblog Add android_logger_[sg]et_prune_list and android_logger_set_log_size
- logcat Add -P, -p and -G flags
- logd Add LogWhiteBlackList and configurable log size

(cherry picked from commit 18a5432158)

Change-Id: I1572338c1b34bd968ad7867857ef708156ec3b6a
2014-03-13 14:48:07 -07:00
Mark Salyzyn
34facab86b logd: liblog: logcat: Add Statistics
- logd add statistical collection and formatting
- liblog add android_logger_get_statistics call
- logcat add -S flag
- logcat add -b all

(cherry picked from commit 51a29c8dc4)

Change-Id: I521753b1969ecd4590c956aeeb1557d101059d67
2014-03-13 14:47:58 -07:00
Mark Salyzyn
4381d43848 logd: Always build logd
- build breakage aosp-idea133 @ 1049092

Change-Id: Iabac6009567926137f455044b33ab5d67924896d
2014-02-28 15:29:36 -08:00
Mark Salyzyn
154f4608aa liblog: enable logging to logd.
* Modify liblog to send all messages to the new syslog user
  space daemon.

Original-Change-Id: I0ce439738cd921efb2db4c1d6a289a96bdbc8bc2
Original-Change-Id: If4eb0d09409f7e9be3eb4bb7017073dc7e931ab4
Signed-off-by: Nick Kralevich <nnk@google.com>

* Add a TARGET_USES_LOGD make flag for BoardConfig.mk to manage
  whether logd is enabled for use or not.
* rename syslog to logd to avert confusion with bionic syslog
* Add fake log support back in
* prefilter for logging messages from logd
* Fill in timestamps at logging source
* update abstract log reader
* switch from using suffix for id to v3 format
* log a message when creating devices that a deprecated interface
  is being utilized.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>

(cherry pick from commit 099e2c1f6f706a8600c1cef74cce9066fc315480)

Change-Id: I47929a5432977a1d7235267a435cec0a7d6bd440
2014-02-28 13:49:11 -08:00
Martijn Coenen
89343c1113 logd: Remove $(KERNEL_HEADERS) include.
Points to wrong kernel-headers dir in multi-arch
builds.

(cherry picked from commit 920a5629ff)

Change-Id: I5055bf5cd80119a34f0a6b0872ffb0a422a06baf
2014-02-27 07:57:05 -08:00
Mark Salyzyn
0175b0747a logd: initial checkin.
* Create a new userspace log daemon for handling logging messages.

Original-Change-Id: I75267df16359684490121e6c31cca48614d79856
Signed-off-by: Nick Kralevich <nnk@google.com>

* Merge conflicts
* rename new syslog daemon to logd to prevent confusion with bionic syslog
* replace racy getGroups call with KISS call to client->getGid()
* Timestamps are filed at logging source
* insert entries into list in timestamp order
* Added LogTimeEntry tail filtration handling
* Added region locking around LogWriter list
* separate threads for each writer
* /dev/socket/logd* permissions

Signed-off-by: Mark Salyzyn <salyzyn@google.com>

(cherry picked from commit 3e76e0a497)

Author: Nick Kralevich <nnk@google.com>
Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
2014-02-26 09:52:35 -08:00