Commit graph

223 commits

Author SHA1 Message Date
Mark Salyzyn
ad3fdd3407 liblog: reset pid and uid cache after a vfork()
(cherry pick from commit ec4f5c776d)

Bionic getuid() and getpid() calls cache to reduce the need to
perform a syscall, and also reset their own cache after a vfork().
No more need for liblog to be performing this flawed cache operation.

Bug: 30085794
Change-Id: I70feed8bff0ddd919c2885a348ba67b14ddc0e0d
2016-07-14 08:49:02 -07:00
Rubin Xu
08660a811e Return correct length from pmsgRead()
Bug: 28610769
Change-Id: I38cac786ca43ef8d9530f4e2e5a0bdd4cc3bccef
2016-05-09 16:53:30 +00:00
Mark Salyzyn
787b4b8ed2 Merge "liblog: O_CLOEXEC flag on opens" into nyc-dev 2016-04-29 16:15:02 +00:00
Mark Salyzyn
2b409c9bc7 liblog: O_CLOEXEC flag on opens
(cherry pick from commit 78786da116)

Bug: 28455828
Change-Id: Ic00101a6192aab7271cb0c3461e249a77d7f29ed
2016-04-29 08:08:39 -07:00
Mark Salyzyn
358cf8a919 liblog: logcat -g readable size wrong
(cherry pick from commit ccfb244b36)

Bug: 28451229
Change-Id: I4bbc2bed933d69416c23cc7af617be3fb55d0b62
2016-04-29 07:45:29 -07:00
Mark Salyzyn
504daa654e liblog: android_log_isloggable failing apct
(cherry pick from commit efe8ecc1d9)

- periodic failures in apct, dropped second serial test
  in refresh_cache, trusting check_cache or global.
- The retry loop to see if is_loggable recovers of 1000
  was hiding subsequent tests, drop to 10 retries.
- On the whole, the average performance remains the same.

Bug: 25792367
Change-Id: I4110440ef46671d7a1c128689bde623808bed04f
2016-04-19 07:23:17 -07:00
Mark Salyzyn
f58e58a15c liblog: suppress pmsg on user builds
(cherry pick from commit 7ef5249afa)

- add optimized & cached LIBLOG_HIDDEN __android_log_is_debuggable()
- check when writing, either LOG_ID_SECURITY, SafetyNet or
  debuggable when pushing content to the pmsg buffer.

Bug: 27566046
Change-Id: I85f1b55ec329b38e00f4183836b6ed53046c323d
2016-03-31 13:58:56 -07:00
Mark Salyzyn
5e635f7c06 liblog: gate write on log id available
(cherry pick from commit c33103c440)

- Secure LOG_ID_KERNEL in writer
- Secure LOG_ID_SECURITY in reader and writer
- if writer transport says not available, do not write to that log id

Bug: 27566046
Bug: 27896341
Change-Id: If63a78a56fb94adfbf9979454c4cadb81af45c19
2016-03-29 12:53:44 -07:00
Mark Salyzyn
93101bea8b liblog: update Android.bp
Update Android.bp to match the version in AOSP.

Change-Id: I93aba0f93a7a8d255073661331f1d966a53e20aa
(cherry picked from commit c457a4b73e)
2016-03-24 13:45:00 -07:00
Mark Salyzyn
476b771bda liblog: logprint: deal with malformed log messages
(cherry picked from commit 083c53462a)

Try to print as much content as possible should the application
logging only submit content as part of a tag with an empty message.
We search for the first non-printable ascii character in the tag, in
order to split it up for printing.

Applications (such as com.yahoo.mobile.client.android.weather) that
malform their log messages will no longer be punished by truncating
the content, but this should never be considered advocacy for their
bad behavior.

Bug: 27585978
Change-Id: Idb0680e8d6a6ad2bef5150661905acccb5b70afb
2016-03-24 12:21:53 -07:00
Mark Salyzyn
2b8157d9fd liblog: add __android_log_pmsg_file_read
(cherry pick from commit 864e8e80e4)

- This is considered an Android Private function, not exported
  for general use.
- goal is to retreive a file's content from a series of log
  messages from pmsg, to be retrieved after a reboot for
  transfer to a persistent location.
- files are presented in reverse sorted order, first based on
  _any_ numerical content, then by alphanumeric order.
- Add a gTest for this function, relies on gTest for
  liblog.__android_log_pmsg_file_write from prior to reboot.

Bug: 27176738
Change-Id: If37ef423009bd28b598b233af3bccef3429bdc22
2016-03-22 14:08:00 -07:00
Mark Salyzyn
10bdf61e5f liblog: add __android_log_pmsg_file_write
(cherry pick from commit d4b061bde2)

- This is considered an Android Private function, not exported
  for general use.
- goal is to record a file's content into a series of log
  messages into pmsg, to be retrieved after a reboot for
  transfer to a persistent location.
- filename reference is converted to a tag-unique
  "<dirbase>:<filebase>".
- buffer and length representing the filename contents are
  recorded, along with a sequence number placed into the nsec
  time field to ANDROID_LOG_PMSG_FILE_MAX_SEQUENCE.
- Add a gTest for this function.

Bug: 27176738
Change-Id: If93df3ae8bfc1bb75516d4a1fd8dae0301af644b
2016-03-22 14:07:54 -07:00
Mark Salyzyn
facf94c74a liblog: split out transports into separate files
(cherry pick from commit 018a96d03f)

Create config_logger, logger and logger_read to house the log
interfaces. Add fake_logger, logd_logger and pmsg_logger to
house the write and read transports. Allows for an easier and
direct path to add new transports to the library.

SideEffects: None, logger benchmark performance unaffected

Bug: 27176738
Bug: 27405083
Change-Id: I01b38637334a5242905c8c89f6ab0a92e2540008
2016-03-22 14:06:00 -07:00
Mark Salyzyn
53263ffa00 liblog: test: security buffer is allowed to be denied
(cherry pick from commit 29e70a98fe)

Bug: 27405083
Change-Id: I7cbc8fda326a2aea3bef5dabee9d3290cc818b24
2016-03-16 09:05:15 -07:00
Mark Salyzyn
a6f2f81d1e liblog: test: do not LOG in signal handler
(cherry pick from commit 50af7f8b1d)

- We actually are logging in a signal handler, the title is bluster
  to remind developers. It is not a reliable path though as it can
  lock up. Our goal is to minimize the chances of a lockup regardless
  in the name of stability only. The test remains to catch regression
  in the name of code quality and reliability. Expected to be
  >99.999% reliable.
- Add a new _correct_ duplicate test that uses signal to release a
  semaphore to a thread that performs the task. This path is expected
  to be 100% reliable.

Bug: 27405083
Change-Id: Ibb7cf4b13e34ebfac2db2af8724b7db7a27f81a8
2016-03-16 09:04:30 -07:00
Mark Salyzyn
73207ce139 liblog: truncate logtags that overflow prefixBuf
(cherry pick from commit 2f83d679dd)

Bug: 27585978
Change-Id: If2f45e8787b05b46491a771702746cfc248b9ccd
2016-03-14 10:08:06 -07:00
Mark Salyzyn
6d753faaf8 liblog: audit declare LIBLOG_ABI_PUBLIC
(cherry pick from commit be1d3c21b5)

- replace <sys/cdefs.h> with local "log_cdefs.h" which
  fortifies and expands definitions, adding LIBLOG_ABI_PUBLIC,
  LIBLOG_HIDDEN, LIBLOG_ABI_PRIVATE and LIBLOG_WEAK.
- clearly tag each interface as LIBLOG_ABI_PUBLIC, LIBLOG_HIDDEN,
  LIBLOG_ABI_PRIVATE, LIBLOG_WEAK or static depending on scope
- Add -fvisibility=hidden to ensure nothing else leaks
- some code standard adjustments

Bug: 27566046
Change-Id: Ic14033c4e6d833d973beb035ddc1c6134fb35a3f
2016-03-10 14:44:27 -08:00
Mark Salyzyn
029c737380 liblog: document fakeLogClose never to be called
(cherry pick from commit bc81b17e06)

Bug: 27107691
Change-Id: Ia699646ec2e83ca46f8b62b5d4f144e533b36074
2016-03-10 14:44:22 -08:00
Mark Salyzyn
8edbbe1dc1 fake_log_device: long lived allocations
(cherry pick from commit 0085a135b9)

Use static space for long lived allocations as they
will appear to act like a memory leak. Resort to a
larger on-stack iovec to reduce the chances of an
allocation. Fix bug in writer where not enough size
was available for "security" buffer name. Minor
transitions to more consistent coding style.

Bug: 27107691
Change-Id: I68c918e7b916b1ae3b04829d48b3eddaa0a7e739
2016-03-10 14:44:16 -08:00
Dan Willemsen
9dddd137c7 Fix windows 64-bit builds
pid_t is 64-bit in 64-bit mingw, but the windows process/thread
functions return a DWORD(uint32_t). Instead of promoting to a pid_t and
fixing the format strings, just use a uint32_t to store the values.

android_thread_id also cannot be a 64-bit pointer, so for windows just
force it to be a uint32_t.

libutils/ProcessCallStack only works under Linux, since it makes heavy
use of /proc. Don't compile it under Windows or Darwin.

Bug: 26957718

(cherry picked from commit 86cf941c48)

Change-Id: I8d39d1951fea1b3011caf585c983e1da7959f7c0
2016-02-25 18:43:55 -08:00
Mark Salyzyn
a4f2ef1b05 liblog: __android_log_error_write use event list library
(cherry pick from commit 81f407be36)

Switch to the event list library to compose the associated event.

SideEffects: Instead of composing event on a stack buffer of 512
             bytes in size, a PAGE is allocated temporarily.

Bug: 27356456
Change-Id: Ic15a87f49385834c2287ed82c26439b2c5eb4f77
2016-02-25 15:54:28 -08:00
Mark Salyzyn
d9aee653d1 liblog: test: __android_log_error_write accuracy
(cherry pick from commit 5cecedc6e8)

Add a test to confirm exact expected content using the testframe
setup for the events log handler. Remove dependency on 512 truncation
in liblog->
android_errorWriteWithInfoLog__android_logger_list_read__data_too_large
to something more liberal.

Bug: 27356456
Change-Id: I8a53ad3a16cf16b14856efe5b95417e857c7e09b
2016-02-25 15:53:44 -08:00
Mark Salyzyn
1d5afc9e08 liblog: add android_log_write_string8_len
(cherry pick from commit 67d7eafd56)

android_log_write_string8_len(android_log_context ctx,
                              const char *value, size_t maxlen)

Caps the supplied string to a maxlen length. Alter API to handle
a NULL pointer for the value string for this and
android_log_write_string8() and instead of returning -EINVAL,
act like a null string "" was supplied to preserve the list
location. API is also changed to report the number of characters
actually placed into the android_log_context.

Bug: 27356456
Bug: 19235719
Change-Id: I6a03d405eac1d741555dd05555513ec691e7a46e
2016-02-25 15:53:00 -08:00
Mark Salyzyn
9dd6510dd0 liblog: event log list logging handler
(cherry pick from commit bd1ad049b2)

Based off an initial request and effort by williamluh@google.com

- Added the following functions:

* Composing and Writing:

android_log_context create_android_logger(uint32_t tag)

int android_log_write_list_begin(android_log_context ctx)
int android_log_write_list_end(android_log_context ctx)

int android_log_write_int32(android_log_context ctx, int32_t value)
int android_log_write_int64(android_log_context ctx, int64_t value)
int android_log_write_string8(android_log_context ctx, const char *value)
int android_log_write_float32(android_log_context ctx, float value)

int android_log_write_list(android_log_context ctx, log_id_t id)

* Reading and Interpreting:

android_log_context create_android_log_parser(const char *msg, size_t len)

android_log_list_element android_log_read_next(android_log_context ctx)
android_log_list_element android_log_peek_next(android_log_context ctx)

* Destroy context used above:

int android_log_destroy(android_log_context *ctx);

- Added unit gTests

We moved implemented android_log_buffer_to_string() to the test since
it is an alternate for already existing logprint functionality.
Please move into liblog should it be of some common use, otherwise
as is it is a good means of stessing the reading and interpreting
handlers.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 19235719
Change-Id: I4aa1927e8e6a75f0a129d15a27c891cf1ccd4f5c
2016-02-23 07:45:49 -08:00
Mark Salyzyn
b7a0166b00 liblog: deal with warning messages
(cherry pick from commit b525884edb)

- Fix bug in fake_log_devices when it can not allocate memory
  failing to use the full on-stack buffer as backup.
- remove superfluous code.

Bug: 27265662
Change-Id: I97b6cca5f4ce8ecad9beb3a08353de596d6a4ad1
2016-02-22 15:46:22 -08:00
Colin Cross
a2dd73424f Merge "liblog: remove strdup from logging calls" 2016-02-03 21:48:37 +00:00
Colin Cross
7a106f7c12 liblog: remove strdup from logging calls
strdup to a static pointer is unnecessary, strlcpy into a static buffer
instead.  Avoids allocations in the ALOG* path, allowing liblog to be
used by libmemleak.

Change-Id: Ie0986da27c1fc5eb8ce4ebb076b513be8e1ee676
2016-02-02 13:55:42 -08:00
Mark Salyzyn
8fa8896d2e logd: security buffer only AID_SYSTEM reader
- limit AID_SYSTEM uid or gid to read security buffer messages
- adjust liblog tests to reflect the reality of this adjustment

To fully test all security buffer paths and modes

$ su 0,0,0 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 1000,1000,1000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 2000,2000,2000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*

ToDo: Integrate the above individually into the gTest Q/A testing

Bug: 26029733
Change-Id: Idcf5492db78fa6934ef6fb43f3ef861052675651
2016-02-01 13:29:06 -08:00
Mark Salyzyn
9107c462ce liblog: check getgroups for AID_LOG for AID_LOG_SECURITY
Bug: 26792035
Change-Id: I634d3c8f9f3175956bd70e80daa479af40180f90
2016-01-26 13:32:02 -08:00
Mark Salyzyn
7cc8013e37 liblog: fix android_log_printLogLine empty event string
Allow _one_ empty line to get through before evaluating
further. Add __android_log_bswrite testing for content
and contentless cases; checking for propagation and for
expected printing. As for printing which is fixed here,
security variants cover the same code paths as the events.

Bug: 26646213
Change-Id: I484718aa604e0a00afde4c34a00e87468ea93aa5
2016-01-20 14:15:19 -08:00
Rubin Xu
d545d2930e Add logd security buffer tag types and string write API.
Bug: 22860162
Change-Id: I1cceed3462eaebdd8208abf101b127f27f0023a7
2016-01-19 17:13:28 +00:00
Mark Salyzyn
1a5bac2069 Merge "Revert "logd: liblog: whitelist "snet_event_log""" 2016-01-06 21:22:04 +00:00
Mark Salyzyn
0ee8de3c2d Revert "logd: liblog: whitelist "snet_event_log""
Callers will not guarantee that they can or will ratelimit, we need to
retain the ability to blacklist snet_event_log as a result.

This reverts commit 6aa21b225d.

Bug: 26178938
Change-Id: Ibf47d2e23a84c56f5f72d02312c698df7ff2b601
2016-01-06 21:19:23 +00:00
Dan Willemsen
d68c35a9ce liblog: Update Android.bp to match Android.mk
Change-Id: Ic887493c03d133a566a96c1c5b65dcd67e5d7131
2016-01-05 13:09:35 -08:00
Mark Salyzyn
6aa21b225d logd: liblog: whitelist "snet_event_log"
Dangerous bridge to cross to whitelist, who is special, who is not?
Rationalized as these events are used to catch exploits on platform.
As it stands no one should be allowed to block any messages in the
security context, not even for development purposes.

Bug: 26178938
Change-Id: Ibdc76bc0fe29ba05be168b623af1c9f41d7edbd2
2015-12-30 10:07:19 -08:00
Mark Salyzyn
a014004752 liblog: add __android_log_is_loggable checking to writer
Add __android_log_is_loggable() checking for all buffers except
LOG_ID_SECURITY. Return -EPERM if blocked. Since we are sniffing
the log tag, check validity and return -EINVAL.

NB: Try not to call __android_log_is_loggable() in native code within
a signal handler. Both here, and in the system properties, there
are locking paths that are not guaranteed to play well in that
environment. This has also been the case for the log writer path
even before this change. All attempts have been made to use trylock,
and to use a more expensive code path when contention occurs rather
than lead to deadlock.

Bug: 19544788
Bug: 26178938
Change-Id: I98738c662f6328189a6703251eb8721a05e956f9
2015-12-30 10:03:37 -08:00
Mark Salyzyn
31ca3c3770 liblog: build break
Some compilers erroneously see uninitialized use, even despite all
accesses being behind !not_locked. Confirmed initialization does not
affect expected performance.

Bug: 26178938
Bug: 26029733
Bug: 17760225
Change-Id: Ib36ed8dd2c4b196ca84ef79a9531625dcee77e15
2015-12-22 10:49:35 -08:00
Mark Salyzyn
a67d8a53c7 liblog: is loggable is flaky
- Deal with __android_log_is_loggable inside signal handler by
  treating a lock contention system call as more costly than reading
  the associated property directly. Rather waiting around in a
  contended stat to hit cache.
- Check both the individual known __system_property_serial() and
  global __system_property_area_serial() to detect updates or
  additions to the properties to respond in the most aggressive and
  timely manner. __android_log_is_loggable() return at max CPU
  clockrate on a N9 in 61ns.
- Craft a common do_cache2 inline that adds the above to the other
  functions that utilize cache handling and preserves (within 3ns)
  performance in android_log_clockid() and __android_log_security().
  These functions return at max CPU clockrate on a N9 in 23ns.

Bug: 19544788
Bug: 25693940
Bug: 25792367
Bug: 26178938
Change-Id: I9cd94598f5c558e946b93977ad3714a4b03d0422
2015-12-22 10:06:22 -08:00
Mark Salyzyn
77c166b5dd liblog: test: instrument is_loggable failures
Bug: 25792367
Change-Id: Ia34f8e7ea0bd7f15bf705afd3a1c631a56d1c479
2015-12-18 15:17:51 -08:00
Mark Salyzyn
ee3b838e13 logd: statistics per-pid filter
Primarily gives access to the Chattiest TIDs and TAGs
associated with a pid.

Has a secondary effect of allowing us to pull out the
command line, comm and in some cases the associated
PACKAGE for a specific pid while the logs are still
present even if the executable is gone.

Bug: 26029733
Bug: 21615139
Change-Id: I1ea63165a680a9318360579b70b1512078ed5682
2015-12-18 13:17:37 -08:00
Mark Salyzyn
5d8742feb6 Merge "liblog: test: pmsg overhead measurement" 2015-12-18 20:34:55 +00:00
Mark Salyzyn
1d51753461 Merge "liblog: Remove paranoia regarding logd" 2015-12-18 18:51:24 +00:00
Mark Salyzyn
163ebdc7cd liblog: test: pmsg overhead measurement
This test tells us that scatter-gather (writev instead of write)
carries a small ~2% penalty. Unaligned buffer carry a similar
additional penalty. On N9 it takes 3us to 22us _just_ to write
the pmsg logs, depending on size. Some assumptions about the
socket read and write performance for the main logging can be made
from tracking these results and should improve design decisions.

Bug: 18771697
Bug: 23685592
Change-Id: Id4d64c449140e4f39078c62b0097e403df91fe0c
2015-12-16 13:12:56 -08:00
Mark Salyzyn
7bc8023857 liblog: logprint security ANDROID_LOG_WARN
Bug: 26029733
Change-Id: I4f0cffc0a45819fb48807bf06ce336316276369d
2015-12-11 12:37:22 -08:00
Mark Salyzyn
86052a5d4f Merge "logd: liblog: logcat: Add LOG_ID_SECURITY" 2015-12-11 17:33:33 +00:00
Mark Salyzyn
42ae82742b liblog: test for maximum payload can not survive change
If we adjusted the maximum log payload, Resolve compile
issues resulting from the changes (gTest).

Bug: 25996918
Change-Id: I672b0f4d9d4a1394a5b2e27bf81a5e906bf92a10
2015-12-09 08:12:07 -08:00
Mark Salyzyn
2aa510e8b4 liblog: logprint use uid name if length less then 5
Bug: 25996918
Change-Id: Id882978b7b0b439e39bedeafc39edf80892f0317
2015-12-09 08:12:07 -08:00
Mark Salyzyn
90e7af30a5 liblog: logprint add uid format modifier
Bug: 25996918
Change-Id: Idff5e080fc5c7b69e0c45d3f596eb9d632451cbd
2015-12-09 08:12:07 -08:00
Mark Salyzyn
8646a54ece liblog: readlog apps get logger_entry_v4 for pstore
Adds the uid field to outgoing content for readlog applications.
AID_LOG, AID_ROOT and AID_SYSTEM gain access to the information.

Bug: 25996918
Change-Id: Ib124eca12c004cdd6e57b98e0aae6ddced385cf6
2015-12-09 08:12:07 -08:00
Mark Salyzyn
083b037c07 logd: liblog: logcat: Add LOG_ID_SECURITY
- Largish commit, buffer and access controls done together
- Add LOG_ID_SECURITY binary content log
- Add "default" meta buffer
- allow LOG_ID_SECURITY only from AID_SYSTEM and AID_ROOT UID & GID
- Use __android_log_security() to gate logging
- Add __android_log_security_bwrite() native access to security
  logging.
- Add liblog.__security_buffer end-to-end gTest

Bug: 26029733
Change-Id: Ibcf5b4660c17c1aa6902c0d93f8ffd29c93d9a93
2015-12-08 16:46:29 -08:00