Commit graph

598 commits

Author SHA1 Message Date
Mark Salyzyn
247d682fe1 logd: sepolicy dynamic rate limiting
Processing overhead for selinux violation messages is costly. We want
to deal with bursts of violations, but we have no intent of allowing
that sustained burst to go unabated as there is a cost of processing
and battery usage.

Tunables in libaudit.h are:

AUDIT_RATE_LIMIT_DEFAULT 20        /* acceptable burst rate      */
AUDIT_RATE_LIMIT_BURST_DURATION 10 /* number of seconds of burst */
AUDIT_RATE_LIMIT_MAX     5         /* acceptable sustained rate  */

Since we can only asymptotically handle DEFAULT rate, we set an upper
threshold of half way between the MAX and DEFAULT rate.

Default kernel audit subsystem message rate is set to 20 a second.
If sepolicy exceeds 125 violation messages over up to ten seconds
(>=~12/s), tell kernel audit subsystem to drop the rate to 5 messages
a second.  If rate drops below 50 messages over the past ten seconds
(<5/s), tell kernel it is ok to increase the burst rate back to 20
messages a second.

Test: gTest logd-unit-tests --gtest_filter=logd.sepolicy_rate_limiter_*
Bug: 27878170
Change-Id: I843f8dcfbb3ecfbbe94a4865ea332c858e3be7f2
2017-01-04 14:46:58 -08:00
Treehugger Robot
5badada997 Merge "LogAudit.cpp: replace newlines with spaces in audit messages" 2017-01-03 22:21:37 +00:00
Nick Kralevich
2e58867771 LogAudit.cpp: replace newlines with spaces in audit messages
Some kernels have a bug which causes a newline to show up in audit
messages. The embedded newlines cause one message to look like two due
to prefix controls.

Replace any newlines with spaces. Duplicate spaces are further
consolidated in code immediately after this newly added code.

Test: create an audit message with a newline, and watch it be cleaned up.
Bug: 27878170
Change-Id: Id90c29ab9e10d3be96f51403b0293622d782422a
2017-01-03 12:39:28 -08:00
Mark Salyzyn
ce80da3018 logd: Add support for ro.logd.auditd.[main|events]
log selinux audit messages boolean (true or false, default true)
selection for logging destinations:

ro.logd.auditd - turn on logd.auditd to pick up violations.
ro.logd.auditd.dmesg - to the kernel log.
ro.logd.auditd.main - to the "main" log buffer.
ro.logd.auditd.events - to the "events" log buffer.

We used to also read logd.auditd.dmesg and persist.logd.auditd.dmesg
which do not get refreshed when /data mounts internally.  This is a
confusing state as these properties will be read after a logd crash
and restart, adjusting the behavior of the logger.  Same can be said
for logd.auditd as well.  Drop reading these other parameters.

Test: manual set r/o parameters, stop/start logd to confirm behavior
Bug: 33969000
Bug: 27878170
Change-Id: I1a6bb4a903074c9aa7b227cf583a0094d49cbefd
2017-01-03 09:44:42 -08:00
Mark Salyzyn
1736c4866c logd: gtest: logd.timeout socket does not clean up properly
Until the socket ages out, it sticks around and gets reused in
subsequent tests affecting the outcome of those tests.  We opt
to run logd.timeout in a forked and isolated process to keep
these conditions from interfering.

Adjusted benchmark execute to only run the tests we are
interested in to improve the time it takes to run.

Commented some areas of code to make them easier to maintain.

Test: gTest logd-unit-tests success
Bug: 33962045
Change-Id: Ic1b98bc4a2d7e8927f1a87628e3bcc368c9cf8ce
2016-12-29 12:59:22 -08:00
Mark Salyzyn
684bdb576d logd: LogBufferElementKey use uint32_t for uid
Test: gTest liblog-unit-tests, logd-unit-tests & logcat-unit-test
Change-Id: Icae34b1fa0b3df0a45ad175ec81aaf232f322f38
2016-12-21 12:16:46 -08:00
Treehugger Robot
2ead17196c Merge "logd: trailing spaces in log statistics (part deux)" 2016-12-20 18:16:15 +00:00
Treehugger Robot
1fa079b255 Merge "Revert "logd: trailing spaces in log statistics"" 2016-12-20 18:16:00 +00:00
Treehugger Robot
27425fd80d Merge "logd: sum liblog tag messages" 2016-12-19 23:43:48 +00:00
Treehugger Robot
9fa0215e15 Merge "logd: correct duplicate message state machine" 2016-12-19 23:43:23 +00:00
Mark Salyzyn
b545e1c9e3 logd: trailing spaces in log statistics (part deux)
Test: manual
Bug: 30118730
Change-Id: Iafda6f95e1b1377649e01868c81c0056c116e01b
2016-12-19 15:06:42 -08:00
Mark Salyzyn
d966e22680 Revert "logd: trailing spaces in log statistics"
Caused +/- field data to land under the Pruned column

This reverts commit 0adcc3e3e8.

Test: manual
Bug: 30118730
Change-Id: Ic75ce3a90baded19f3efc0cc77474fe5d9a8accd
2016-12-19 15:06:37 -08:00
Mark Salyzyn
1dfb4de436 logd: sum liblog tag messages
As an extension to the duplicate multiple message filtering, special
case liblog tagged event messages to be summed.  This solves the
inefficient and confusing duplicate message report from the DOS attack
detection such as:

liblog: 2
liblog: 2
liblog: 2
liblog: 2
liblog: 3

which would result in:

liblog: 2
chatty: ... expire 2 lines
liblog: 2
liblog: 3

And instead sums them and turns them all into:

liblog: 11

liblog messages should never be subject to chatty conversion.

Test: liblog-benchmarks manually check for coalesced liblog messages
      and make sure they do not turn into chatty messages.
      Instrumented code to capture sum intermediates to be sure.
Bug: 33535908
Change-Id: I3bf03c4bfa36071b578bcd6f62234b409a91184b
2016-12-19 14:03:38 -08:00
Mark Salyzyn
8f83a35511 logd: correct duplicate message state machine
Inspection turned up that for the case of three identical messages,
the result would be a stutter of the first message only.  Added
comments to describe the state machine, incoming variables, outcoming
and false condition outputs, for proper maintenance in the future.

Test: gTest liblog-benchmarks BM_log_maximum* and manually check
      for correct midstream chatty messages,
Bug: 33535908
Change-Id: I852260d18a484e6207b80063159f1a74eaa83b55
2016-12-19 14:01:45 -08:00
Mark Salyzyn
3296291cff logd: add android::sizesTotal() function
Test: gTest liblog-unit-tests, logd-unit-tests and logcat-unit-tests
Bug: 31456426
Change-Id: I6fb6cd589227fc43d22f9336e01f1bf7e3feb24c
2016-12-19 08:00:16 -08:00
Mark Salyzyn
a2c022257c logd: record multiple duplicate messages as chatty
If a series of messages arrive from a single source with identical
message content payload, then suppress them and generate a chatty
report.  The checking is done on a per log id basis.

This alters the assumption that chatty messages are always at the
oldest entries, they now show up in the middle too.  To address this
change in behavior we print the first line, a chatty reference
which internally takes little space, then the last line in the series.

This does not conserve processing time in logd, and certainly has no
impact on the long path of formatting and submitting log messages from
from the source, but it may contribute to memory space and signal to
noise savings under heavy spammy loads.

Test: gTest liblog-unit-tests, logd-unit-tests & logcat-unit-tests
Bug: 33535908
Change-Id: I3160c36d4f4e2f8216f528605a1b3993173f4dec
2016-12-15 16:31:51 -08:00
Jeff Sharkey
dff44709cf Define range of GIDs for cached app data.
To support upcoming disk usage calculation optimizations, this change
creates a new GID for each app that will be used to mark its cached
data.  We're allocating these unique GIDs so that we can use
quotactl() to track cached data on a per-app basis.

This change also tightens up the implementation of both the cache
and shared GID calculation to ensure that they stay inside the valid
ranges, and includes tests to verify.

Test: builds, boots, tests pass
Bug: 27948817
Change-Id: Ie4377e5aae267f2da39a165888139228995987cb
2016-12-13 13:28:08 -07:00
Mark Salyzyn
0eeb06b932 utils: Add FastStrcmp.h
Move existing fast<str*cmp> templates for general use, pulled from
the implementation used in logd that dealt with speed through cache
locality and subroutine call mitigation.  Rename to fastcmp.

Test: logd-benchmarks and based on manual profiling from the past
Bug: 31456426
Change-Id: Ic62f4a437fc3e06ffdeaae73a6f34e197957a6b0
2016-12-09 12:40:17 -08:00
Mark Salyzyn
10f4044341 Merge "system/core: replace EVENT_TAG_MAP_FILE with NULL"
am: 9bfd9f558b

Change-Id: Ief7fcc4f7dd8086186b38c091fed626560ca7215
2016-11-29 19:46:50 +00:00
Mark Salyzyn
1179eb8048 system/core: replace EVENT_TAG_MAP_FILE with NULL
NULL represents system default.  In the future, NULL could represent
static and dynamic tags, which can come from multiple files based on
implementation details in the liblog library.

Test: gTest logd-unit-tests & liblog-unit-tests
Bug: 31456426
Change-Id: I0e3d296de81ca299ae63d7b83781639ee67ec298
2016-11-21 11:13:02 -08:00
Mark Salyzyn
2cfd0e08e9 Merge "logd: add EXIT command"
am: 16300f192b

Change-Id: Idd68cfba26f8fcc928db4fe2483d30e5d4f49a59
2016-11-18 16:10:23 +00:00
Mark Salyzyn
c8749d5108 logd: add EXIT command
Debugging aid. Allows us to run:

$ cat -n '<STUFF>\0EXIT\0' | nc -U /dev/socket/logd

and the pipeline will exit once done. Without the EXIT command
we will have to <CTRL+C> out to terminate the pipeline. This is
necessary since Android's netcat command does not support the -q
feature, and having the EXIT command is faster and cleaner anyways.

Test: manual as noted above.
Bug: 31456426
Change-Id: I65333358188db85e2eb1bb6a14deed1565826ac4
2016-11-17 14:42:33 -08:00
Mark Salyzyn
809dee506e Merge "libcutils: move cutils/files.h to cutils/android_get_control_file.h"
am: 8c41e791ed

Change-Id: Ifbc00285da734859d590153a7c6cfc8e51c014f9
2016-11-17 15:33:02 +00:00
Mark Salyzyn
52bd37e633 libcutils: move cutils/files.h to cutils/android_get_control_file.h
files.[h|cpp] is bound to be abused with junk, replace with
android_get_control_file.[h|cpp]. Plus some sundry cleanup.

Test: gTest libcutils-tests, logd-unit-tests, liblog-unit-tests,
      logcat-unit-tests and init_tests
Bug: 32450474
Change-Id: Ibd4a7aa4624ea19a43d1f98a3c71ac37805d36b5
2016-11-16 15:56:56 -08:00
Mark Salyzyn
49893142ec logd: report last prune memory overhead
am: b0672290e3

Change-Id: I4b060ad4427e24170cc7a3aeae7aa9f6643ba8d6
2016-11-04 20:57:16 +00:00
Mark Salyzyn
1970d994b6 logd: report statistics memory overhead
am: 6d981af120

Change-Id: I69376a8783867a21f0cd85eea4b299f3d2c81a95
2016-11-04 20:57:12 +00:00
Mark Salyzyn
f8ba9eb1a3 logd: if eng build, be a bit more permissive about failures
am: 107e29ac1b

Change-Id: I85ebcae9f756bf2feb79e6d77ea63ad0b2ff4829
2016-11-04 14:43:47 +00:00
Mark Salyzyn
21dbb8aece logd: start logd service in logd uid
am: 77fdb22cf6

Change-Id: I38d93fb74ea4f37ee137f78063d082637b8fd68a
2016-11-04 14:43:36 +00:00
Mark Salyzyn
3d2c4829a0 logd: auditd + klogd control CAPS
am: d2b3291ffa

Change-Id: I7d8fd4a7df7ceffd90e8eaab03861ae426cbf35b
2016-11-04 14:43:31 +00:00
Mark Salyzyn
83a40b0eb2 logd: drop capabilities in logd --reinit and logd.daemon
am: d8f01807b8

Change-Id: I17f06463258e95a6cc83242cc8a8d4bb0ccb4907
2016-11-04 14:43:26 +00:00
Mark Salyzyn
c65f2ca81f logd: drop libminijail dependency
am: f0b8e1bce6

Change-Id: I968916b41f82fa1cbe4f7ac37dc75c938a9c1627
2016-11-04 14:43:21 +00:00
Mark Salyzyn
b0e425abc4 logd: start logd services in logd gid
am: 5b44340acb

Change-Id: Id9f27660a09e640815071dac85ed4bac78172886
2016-11-04 14:43:17 +00:00
Mark Salyzyn
b0672290e3 logd: report last prune memory overhead
An estimate based on chatty impact for all known pids, uids and tags
and per log id if applicable, calculate the maximum last pruned
watermark iterator map usage and add to the Total Overhead.

Test: Confirm that the Total Overhead change is negligable.
Bug: 31942525
Change-Id: Icd2e9bc0747c3376ca0e9c90aa110c103529d98f
2016-11-04 07:43:16 -07:00
Mark Salyzyn
6d981af120 logd: report statistics memory overhead
Add in to the Total Overhead the amount of storage we are
using to hold on to the statistics.

Test: see that the Total Overhead accounts for about 100K
Bug: 31942525
Change-Id: Ibe241c0bccc5a9df52395802338c8a7fc3b64104
2016-11-04 07:43:16 -07:00
Mark Salyzyn
1259d9ea4b logd: inherit android_get_control_file()
am: e0b8ccd1a3

Change-Id: I7b6fc3898d2e69542309fe120122849579f91f22
2016-11-04 14:43:07 +00:00
Treehugger Robot
fc3e90689e Merge changes I432016e2,Id208b11b,Ia6a38729,Icdaf9e35,I842a7a64, ...
* changes:
  logd: if eng build, be a bit more permissive about failures
  libcutils: klog inherit android_get_control_file("/dev/kmsg")
  logd: start logd service in logd uid
  logd: auditd + klogd control CAPS
  logd: drop capabilities in logd --reinit and logd.daemon
  logd: drop libminijail dependency
  logd: start logd services in logd gid
  logd: set executable's capabilities in file system
  logd: inherit android_get_control_file()
  init: service file keyword
  libcutils: add android_get_control_file()
  libcutils: add android_get_control_socket() test
2016-11-04 14:38:23 +00:00
Mark Salyzyn
cb2314e5bd Merge "logd: switch to using arraysize() from libbase macros"
am: fc08963f85

Change-Id: If17fd9389ec65f379fa42096e835be2ed667f703
2016-11-03 22:14:34 +00:00
Treehugger Robot
fc08963f85 Merge "logd: switch to using arraysize() from libbase macros" 2016-11-03 22:07:42 +00:00
Mark Salyzyn
d1687af980 logd: clear DUMPABLE
am: 6a70ded7bf

Change-Id: I4bcfb53d9c4a13761c80a8f2070320c85b486b0b
2016-11-03 21:01:45 +00:00
Mark Salyzyn
107e29ac1b logd: if eng build, be a bit more permissive about failures
Allows us some leaway to investigate logd issues on eng builds

Test: gTests logd-unit-tests, liblog-unit-tests and logcat-unit-tests
      Manual on eng builds, bad logd.rc to fake permission issues
Bug: 32450474
Change-Id: I432016e29e5601d67c502076ead941cecdcbebe7
2016-11-03 13:34:27 -07:00
Mark Salyzyn
77fdb22cf6 logd: start logd service in logd uid
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
      Manual inspect grep '^Cap' /proc/<tid>/status for correct capabilities
Bug: 32450474
Change-Id: Ia6a3872901969a789d4309d410dbfd5f5d17b3ce
2016-11-03 13:34:27 -07:00
Mark Salyzyn
d2b3291ffa logd: auditd + klogd control CAPS
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-testsa
Bug: 32450474
Change-Id: Icdaf9e352e86c9e140928509201da743004aeedb
2016-11-03 13:34:27 -07:00
Mark Salyzyn
d8f01807b8 logd: drop capabilities in logd --reinit and logd.daemon
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32450474
Change-Id: I842a7a64f0ba695acef66caf54270f9475c9f9ac
2016-11-03 13:34:27 -07:00
Mark Salyzyn
f0b8e1bce6 logd: drop libminijail dependency
Use libcap instead of libminijail.  Set CAP_SETGID before setgroups,
then clear it afterwards.

Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32450474
Change-Id: I2ed027fd5efd95f76b1dd4c5791bae5f2ea94c28
2016-11-03 13:34:27 -07:00
Mark Salyzyn
5b44340acb logd: start logd services in logd gid
logd - start as root:logd+system+readproc
logd-reinit - start as logd:logd

ToDo: start as logd:logd+system+readproc (libminijail)
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32450474
Change-Id: I42c806ca1730a7f9eb9e34f064ae31a2ef9fc678
2016-11-03 13:34:27 -07:00
Mark Salyzyn
e0b8ccd1a3 logd: inherit android_get_control_file()
Setup and then collect from the environment /proc/kmsg and /dev/kmsg
file descriptors. Do not do so for logcat --reinit.

Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32450474
Change-Id: Ied537ca561fcd4e71a9ad9c57398a23ba23f6ced
2016-11-03 13:34:27 -07:00
Mark Salyzyn
c8d3194098 logd: switch to using arraysize() from libbase macros
Test: logd-unit-tests, liblog-unit-tests & logcat-unit-tests
Bug: 32450474
Change-Id: Iacdc4677f2c83898a7812c2af2c36e7ff7d92764
2016-11-03 12:27:29 -07:00
Mark Salyzyn
6a70ded7bf logd: clear DUMPABLE
Do not allow anyone to see logd memory.

Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32450474
Change-Id: Ic7377efcb7e1d3cd91b50741061037a0fb589045
2016-11-03 11:20:59 -07:00
Mark Salyzyn
2bbb6d65d5 Merge "logd: getTag() functional for chatty entries"
am: fbe0b45544

Change-Id: I20705e262af4ed7c36616459b1f37dadca294277
2016-10-26 14:17:28 +00:00
Mark Salyzyn
60636fa872 logd: getTag() functional for chatty entries
getTag() becomes invalid when entry is dropped because mMsg
disappears to save space; but the per-tag spam filter depends on it
still being valid.  Conserve space in LogBufferElement by optimizing
the size of the fields, then add a new mTag field that is set in the
object constructor.  Add an isBinary() method.

SideEffects: save 12 bytes/log message overhead on 64-bit.
Test: define DEBUG_CHECK_FOR_STALE_ENTRIES and look for stale entries
Bug: 32247044
Change-Id: Iaa5f416718a92c9e0e6ffd56bd5260d8b908d5c0
2016-10-25 21:48:33 +00:00
Mark Salyzyn
54977be62b Merge "logd: address code fragility in last watermarks"
am: dd153ef247

Change-Id: I4efa93b98429528cc0445eed55cfd593ba2c24d8
2016-10-24 23:12:55 +00:00
Treehugger Robot
dd153ef247 Merge "logd: address code fragility in last watermarks" 2016-10-24 23:09:15 +00:00
Mark Salyzyn
28fcac705b liblog: logd: logcat: Split out log/logger.h into public and private.
am: aeaaf81c2c

Change-Id: I124c69673c30bb5f2259849792ed4ca99f4d6b60
2016-10-24 22:53:11 +00:00
Mark Salyzyn
aeaaf81c2c liblog: logd: logcat: Split out log/logger.h into public and private.
log/logger.h pieces moved into log/log.h.  Correct for some
minor Android Coding standards.

Test: gTests liblog-unit-tests, logd-unit-tests and logcat-unit-tests
Bug: 19235719
Bug: 26552300
Bug: 31289077
Bug: 31456426
Change-Id: I0a19fd8788eec20a582e72e4c62c04534bdb1b9a
2016-10-24 11:12:49 -07:00
Mark Salyzyn
8fcfd85acc logd: address code fragility in last watermarks
Do not make the assumption that if worstPid is set, that the log
buffer id is not LOG_ID_EVENTS or LOG_ID_SECURITY. Add comments
to prevent future over-optimization based on this assumption.

Make sure we reset mLast[id] = begin() when we mark it unset, but
tell optimizer this is an _impossible_ path.

SideEffects: drop two branches in all erase calls, gain an unordered
             find() on an empty list for events and security buffers.
Test: gTest logd-unit-tests, liblog-unit-test & logcat-unit-tests
Bug: 32247044
Change-Id: Ic156ca2253c050c28021cedf48bedaf7bd692c09
2016-10-24 10:43:52 -07:00
Mark Salyzyn
ead6503178 Merge "logd: mLastWorstPidOFSystem crash"
am: c75a32aae3

Change-Id: Ief8a0847243a0f2661192325efac5ce965dde92a
2016-10-21 20:17:59 +00:00
Mark Salyzyn
fa07f9dc4b logd: mLastWorstPidOFSystem crash
mLastWorstPidOfSystem is filled with iterator references
that are not from AID_SYSTEM to aid the performance. But
we only clear entries from the list during erase if they
are from AID_SYSTEM. Remove the filter check in erase so
the stale references will be removed.

The conditions that caused this failure are difficult to
reproduce and are rare.

Test: gTests logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32247044
Bug: 31237377
Change-Id: Ie405dd643203b816cac15eef5c97600551cee450
2016-10-21 10:20:55 -07:00
Mark Salyzyn
8a7297a09f Merge "system/core: preparation to pull back interfaces from android/log.h"
am: 27d2d49f48

Change-Id: I604bb1d4cf62636663fa92e3d14a55887dbcae23
2016-10-20 18:03:57 +00:00
Mark Salyzyn
cfd5b080af system/core: preparation to pull back interfaces from android/log.h
Point to log/log.h where necessary, define LOG_TAG where necessary.
Accept that private/android_logger.h is suitable replacement for
log/logger.h and android/log.h.

Correct liblog/README

Effectively a cleanup and controlled select revert of
'system/core: drop or replace log/logger.h' and
'system/core: Replace log/log.h with android/log.h'.

Test: compile
Bug: 30465923
Change-Id: Ic2ad157bad6f5efe2c6af293a73bb753300b17a2
2016-10-20 08:11:39 -07:00
Mark Salyzyn
1bd1e570c6 Merge "logd: Use private interfaces for buffer size properties"
am: 6da6d37c81

Change-Id: I05ec69d785c9df9c9a397947ad9f6bd4c915c078
2016-10-19 14:34:51 +00:00
Mark Salyzyn
f10e273790 logd: Use private interfaces for buffer size properties
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 31750617
Change-Id: I692577cfdf4bf8c93616f32df4b56786918aef1c
2016-10-18 09:49:51 -07:00
Mark Salyzyn
f606721b59 logd: use __android_log_is_debuggable()
am: 5740a46e4e

Change-Id: Idddc3c174b152b90dca915f7bf0cef654b41be3d
2016-10-18 16:46:06 +00:00
Mark Salyzyn
5740a46e4e logd: use __android_log_is_debuggable()
Test: gTest logd-unit-tests
Bug: 27566046
Bug: 31456426
Change-Id: I9faf88263fe62ce5bba80dc2cb928e6dbe73dbb2
2016-10-14 08:04:21 -07:00
Mark Salyzyn
c377c40531 Merge "logd: report logging memory overhead" am: d3754ff696 am: 386630f4ce
am: 1f6e063e06

Change-Id: Ia7daa52e3d3cf68dd5dcd70ba83f8aa38ae6f8da
2016-10-06 14:26:46 +00:00
Mark Salyzyn
9af33ee78c logd: report logging memory overhead
On 64 bit system, calculates to roughly 80 bytes of metadata and
list overhead for each entry.

In unit test example, we report 3388987 bytes of logging data and
overhead total, showmap reports 4652K of dirty data. We still want
to account for the remainder (fragmentation, other sources of
internal allocations etc).

Test: see values and check math
Bug: 31942525
Change-Id: I75f3162ce691faf1ae5a5dec18939fea535ede7e
2016-10-05 15:32:40 -07:00
Mohan Srinivasan
96eba22338 Merge "liblog: logd: Add android_lookupEventTag_len()" am: 093951a230 am: aed39f1f3d
am: 2acb41b46c

Change-Id: Ifd5da3780cf05863b71fad9583b1b83f4962b46f
2016-10-03 22:47:51 +00:00
Mark Salyzyn
807e40ecc9 liblog: logd: Add android_lookupEventTag_len()
Allows us to mitigate the impact of MAP_PRIVATE and copy on write by
calling android_lookupEventTag_len instead of android_lookupEventTag,
and delaying the copy on write impact to the later.  We return a
string length in a supplied location along with the string pointer
with android_lookupEventTag_len(const EventTagMap* map, size_t* len,
int tag).  The string is not guaranteed to be nul terminated.  Since
android_lookupEventTag() called even once can cause the memory
impact, we will mark it as deprecated, but we currently have no
timeframe for removal since this is a very old interface.

Add an API for __android_log_is_loggable_len() that accepts the non
null terminated content and fixup callers that would gain because the
length is known prior to the call either in the compiler or at
runtime.  Tackle transition to android_lookupEventTag_len() and
fixup callers.

On any application that performs logging (eg: com.android.phone)

/proc/<pid>/smaps before:

xxxxxxxxxx-xxxxxxxxxx rw-p 00000000 fd:00 463 /system/etc/event-log-tags
Size:                 20 kB
Rss:                  20 kB
Pss:                   1 kB
Shared_Clean:          0 kB
Shared_Dirty:         20 kB
Private_Clean:         0 kB
Private_Dirty:         0 kB
Referenced:            0 kB
Anonymous:            20 kB
AnonHugePages:         0 kB
Swap:                  0 kB
SwapPss:               0 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
Locked:                0 kB
VmFlags: rd wr mr mw me ac

/proc/<pid>/smaps after:

xxxxxxxxxx-xxxxxxxxxx rw-p 00000000 fd:00 1773 /system/etc/event-log-tags
Size:                 20 kB
Rss:                  20 kB
Pss:                   1 kB
Shared_Clean:         20 kB  (was 0kB)
Shared_Dirty:          0 kB  (was 20kB)
Private_Clean:         0 kB
Private_Dirty:         0 kB
Referenced:           20 kB  (was 0kB)
Anonymous:             0 kB  (was 20kB)
AnonHugePages:         0 kB
Swap:                  0 kB
SwapPss:               0 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
Locked:                0 kB
VmFlags: rd wr mr mw me ac

Added liblog-unit-tests --gtest_filter=liblog.event_log_tags to
check for Shared_Clean: to not be 0 and Anonymous: to be 0 for
all processes referencing event-log-tags.  Which can include multiple
references to /system/etc/event-log-tags and future possible refs to
/data/misc/logd/event-log-tags and /dev/event-log-tags.  We want
failure messages to help point to errant code using the deprecated
interface.

This change saves 1/4MB of memory or more on a typical system.

Test: gTest liblog-unit-tests
Bug: 31456426
Change-Id: I9e08e44d9092bd96fe704b5709242e7195281d33
2016-10-03 11:08:34 -07:00
Mark Salyzyn
c0a92b4a94 logd: logcat: Replace log/log.h with android/log.h am: 0dd4431072 am: 0f76f04072
am: a8d0a46956

Change-Id: I7c43316eef4ae12e666ea6a0126a38ac571dd41e
2016-09-30 22:17:47 +00:00
Mark Salyzyn
a06a6509d9 liblog: logd: logcat: deprecate log/log_read.h am: 004cd3c55d am: 78a459a8c8
am: 13c68b09d9

Change-Id: Icaab3eedecad8f55d8d1291b3414da5c12cec287
2016-09-30 22:17:08 +00:00
Mark Salyzyn
0dd4431072 logd: logcat: Replace log/log.h with android/log.h
Should use android/log.h instead of log/log.h as a good example
to all others.

Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: If4c9711eb57267d4707b03d54a932af9de241b13
2016-09-30 12:47:05 -07:00
Mark Salyzyn
004cd3c55d liblog: logd: logcat: deprecate log/log_read.h
Always used in combination with log/logger.h except in log_time.cpp,
and not used externally.  As a result liblog has to support stl, a
small price to pay since goal is to convert liblog to C++ internally.

Test: compile
Bug: 31456426
Bug: 26552300
Bug: 31289077
Change-Id: I72828ec807d0a2c8e40bbdebd7a69f147a7ca5a9
2016-09-30 12:47:05 -07:00
Mark Salyzyn
52cfb1cae5 Merge changes I38c76bb2,I81a55e92 am: 3aaca7dd60 am: 803e6a71f8
am: 1e9bd2d6e1

Change-Id: I57a8ca74e8ac4e61d42348b8c6a454ab1aa251cf
2016-09-02 17:47:46 +00:00
Mark Salyzyn
43a5f31e94 logd: clear all from non system user status request
pruneRows not necessarily ULONG_MAX when uid not system source,
allow for speed up for status response if pruneRows exhausted.

Change-Id: I38c76bb20215e3d96513a575e2e3bc85a5e5b41c
2016-09-02 07:41:27 -07:00
Mark Salyzyn
1eefca281e logd: crash in prune mLastWorstPidOfSystem
mLastWorstPidOfSystem is supposed to be indexed by element->getPid()

Bug: 31237377
Bug: 30797725
Bug: 30688716
Change-Id: I81a55e92f175ded1c571a0aa8836736d86b36b1d
2016-09-02 07:41:27 -07:00
Mark Salyzyn
af3623281f Merge "logger: validate hdr_size field in logger entry" am: fcf7ab8b1b am: 2d562c9dce
am: 098b5887c6

Change-Id: I4d067039a766e7079a91eb56d2ffb8d68aba58b5
2016-08-24 16:10:08 +00:00
Mark Salyzyn
2d562c9dce Merge "logger: validate hdr_size field in logger entry"
am: fcf7ab8b1b

Change-Id: Ic88fe616256ab4949040771d3bed1dfb823ab981
2016-08-24 16:05:04 +00:00
Mark Salyzyn
305374cf0f logger: validate hdr_size field in logger entry
- check hdr_size to make sure it is in the expected range
  from sizeof entry_v1 to entry (entry_v4).
- alter msg() method to report NULL on invalid hdr_size
- alter all users of msg() method.

Bug: 30947841
Change-Id: I9bc1740d7aa9f37df5be966c18de1fb9de63d5dd
2016-08-23 14:51:50 -07:00
Mark Salyzyn
f9fb584b66 Merge "logd: klogd crash (part deux)" am: 96c36d35ce am: e36dbdda43
am: 6d2e1c73a3

Change-Id: Ib31392aa400b744e144788792199931760568281
2016-08-12 14:38:18 +00:00
Mark Salyzyn
e36dbdda43 Merge "logd: klogd crash (part deux)"
am: 96c36d35ce

Change-Id: I95166c1a629007acf2da6d39a05a6586ce38177f
2016-08-12 14:30:50 +00:00
Mark Salyzyn
83b247891c logd: klogd crash (part deux)
LogBuffer::pidToUid(pid_t pid) { return stats.pidToUid(pid); }
needs to have LogBuffer::lock()/unlock() to prevent unordered_map
data corruption. This can lead to multiple symptoms, crashes and
continuous spins on corrupted iterators.

Bug: 30688716
Bug: 30050636
Bug: 30614675
Bug: 25620123
Bug: 30792935
Change-Id: I1d8fec8e5fda98c6a08645e7456b081507696b3c
2016-08-11 16:13:01 -07:00
Mark Salyzyn
fe51e78209 Merge "logd: klogd crash" am: e23e0914ff am: 5118d8f633
am: 73ded18d31

Change-Id: I6797f0120af2e933611374f63b29b480dd8b7ed7
2016-08-09 14:50:26 +00:00
Mark Salyzyn
5118d8f633 Merge "logd: klogd crash"
am: e23e0914ff

Change-Id: I8c99431fe8687365e5af615ce7c231ac7029558a
2016-08-09 14:44:29 +00:00
Mark Salyzyn
a146a779e2 logd: klogd crash
dmesg parser could wrap taglen limit resulting in out of bound
accesses. Can lead to crash or data corruption.

Fixed an issue with two-word tag parsing. Switched to case
insensitive tag content matching. Added a few extra limit
checks that could also wrap, simplified the parsing, then added
means to stop using hard coded constants.

Bug: 30688716
Bug: 30050636
Bug: 30614675
Bug: 25620123
Change-Id: Iae4f664f63ef7b842d82eaa1638b6d7a0d28fd18
2016-08-08 09:58:28 -07:00
Chih-Hung Hsieh
12ad1c6dc4 Merge "Fix google-explicit-constructor warnings in logd." am: 33bf662195 am: 7e74e81646
am: 43da1271b1

Change-Id: I886845d655183c23df92d76dbfa99ad040ee246f
2016-08-03 16:39:48 +00:00
Chih-Hung Hsieh
7e74e81646 Merge "Fix google-explicit-constructor warnings in logd."
am: 33bf662195

Change-Id: Ib3f3dd92b3339f778dec8dd9778d5e3cbba5ba0c
2016-08-03 16:34:20 +00:00
Chih-Hung Hsieh
9e70ba6352 Fix google-explicit-constructor warnings in logd.
Bug: 28341362
Change-Id: I5b419c40593982925034e9b7217b0eb53c51adcb
Test: build with WITH_TIDY=1
2016-08-02 11:31:44 -07:00
Chih-Hung Hsieh
cfa32e2d5d Merge \\\"Fix google-explicit-constructor warnings in system/core.\\\" am: 6dc68cb5f9 am: 89cc78b77f
am: e59bc67fa4

Change-Id: I28613acd85ddcbd0b6f285cdfe046b283b49bd83
2016-07-29 17:06:44 +00:00
Chih-Hung Hsieh
89cc78b77f Merge \"Fix google-explicit-constructor warnings in system/core.\"
am: 6dc68cb5f9

Change-Id: I5a010465364b6e14423b19e8c0f9cffa58ee3152
2016-07-29 17:01:17 +00:00
Chih-Hung Hsieh
034c475931 Fix google-explicit-constructor warnings in system/core.
* Declare explicit conversion constructors.
* Add NOLINT for implicit conversion constructors.
* Fix also some misaligned indendations.

Bug: 28341362
Change-Id: Idf911f35923b408d92285cc1a053f382ba08c63e
Test: build with clang-tidy
2016-07-26 11:26:01 -07:00
Mark Salyzyn
eeb2d26308 logd: klogd: deal with htc modified printk
am: 0b4a63d212

Change-Id: I93b6c4e80210ea20a49751a33f768afa106a2d66
2016-07-22 04:10:05 +00:00
Mark Salyzyn
8e7e71c56a Merge \"logd: auditd: suppress multiple identical avc: messages to kmsg\"
am: 02ccdc5db9

Change-Id: I65f93004d1795e025d99ca43aa9c45c39c1c2896
2016-07-20 20:37:41 +00:00
Treehugger Robot
02ccdc5db9 Merge "logd: auditd: suppress multiple identical avc: messages to kmsg" 2016-07-20 20:30:52 +00:00
Jorge Lucangeli Obes
8c345d1831 Merge \"logd: Use Minijail for privilege dropping.\"
am: d3dfd95728

Change-Id: I4ee161fac939c57f273e4af669c3e845b81a4b45
2016-07-20 15:07:32 +00:00
Mark Salyzyn
0b4a63d212 logd: klogd: deal with htc modified printk
Skip leading 'c0  32767 ' and place pid (32767 in example) into pid
field of log record.

Bug: 29831823
Change-Id: I9fcd3cb0235dfcad78627736712a20d2dc1250cc
2016-07-19 11:13:14 -07:00
Mark Salyzyn
df5d12850a logcatd: trampoline persist.logd.logpersistd to logd.logpersistd
(cherry pick from 2591d483c8)

Best practices so that device can set logd.logpersistd properties.
Values can be overriden with trampolines for persist.logd.logpersistd
values except as designed for empty content to keep out of the way.

This allows us to set logd.logpersistd* for a non-persistent collection
that does not survive a reboot, and to use persist.logd.logpersistd*
for persistent collection that does survive a reboot.

Added logd.logpersistd.enable to gate when logpersist service can be
run allowing the properties to be adjusted safely prior to this state
as is the case for device property.

NB: /init will complain when trying to trampoline an empty property,
    this is acceptable for functionality, but may be considered
    annoying from the logging perspective.

Bug: 28788401
Bug: 28813587
Bug: 28936216
Bug: 29831823
Change-Id: I97317e8eedfae4daa8e3ef39e64e7c5c23d8b573
2016-07-19 11:13:14 -07:00
Jorge Lucangeli Obes
2bbdbe8541 logd: Use Minijail for privilege dropping.
Makes code smaller, removes duplication. Using Minijail also allows
adding further sandboxing down the road.

Bug: 30156807
Change-Id: I8fa242fba545049ee82f6655fe6ecc14c53fcab7
2016-07-19 11:15:06 -04:00
Mark Salyzyn
4d205f8975 logd: auditd: suppress multiple identical avc: messages to kmsg
Sends first and last of a series of 3 or more indentical avc:
messages to kmsg and adds 'duplicate messages suppressed'
for the last one in the set. eg:

[67.141658] type=1400 audit(1468852100.171:70): avc: ... tcontext=u:object_r:proc:s0 tclass=file
[67.141678] type=1400 audit(1468852107.494:71): avc: ... tcontext=u:object_r:cache_file:s0 tclass=dir
[67.535202] type=1400 audit(1468852107.498:74): avc: ... tcontext=u:object_r:cache_file:s0 tclass=dir duplicate messages suppressed
[67.535227] type=1400 audit(1468852107.888:75): avc: ... tcontext=u:object_r:proc_net:s0 tclass=file

One can look at the sequence numbers in the above example to see that
four identical message were produced, two were dropped.

ToDo: Evaluate multiple streams of duplicate messages.

Bug: 30118730
Change-Id: I31dcda7c8c42edfc7a8f1bf4d9e46284c74b3d18
2016-07-18 12:30:04 -07:00
Mark Salyzyn
c067116ad5 Merge \"logd: Worst Tag filter enabled for events buffer\"
am: c4be85fbba

Change-Id: I9d33328dfb179a914f502c353b4388d79e376eda
2016-07-16 00:33:19 +00:00
Mark Salyzyn
607f55de91 Merge \"logd: Replace logd with chatty log tag\"
am: 596e65db60

Change-Id: I88057f1ffb21e6b0863dd0803a7a9be0ee72cb1c
2016-07-15 23:23:51 +00:00
Mark Salyzyn
11b2dbca15 Merge changes If992b53b,Ieab60fd1
am: 7c50033e9f

Change-Id: Ie0fb615394eea100dbcc12519c52bbdba8fb8fe0
2016-07-15 22:39:51 +00:00
Mark Salyzyn
6a06694a61 logd: Worst Tag filter enabled for events buffer
- Add drop logistics to TagTable
- replace uid references to a key reference since it
  is an UID for most buffers, but a TAG for the
  events and security buffer
- template the find worst entry mechanics into LogFindWorst class

Bug: 30118730
Change-Id: Ibea4be2c50d6ff4b39039e371365fed2453f17a2
2016-07-15 14:58:17 -07:00
Mark Salyzyn
47684ca591 logd: Replace logd with chatty log tag
Bug: 30118730
Change-Id: I7c7802fef157d5ded02573621d21e0ded3df9745
2016-07-15 14:57:58 -07:00
Mark Salyzyn
0f85817985 logd: rename sort() for pids to sortPids()
Bug: 30118730
Change-Id: If992b53b52a7470427fbe82abb93c95c1b2dc57a
2016-07-15 14:37:04 -07:00
Mark Salyzyn
36a8711260 logd: drop prdebug inline
Makes the prdebug helper accessible for debugging

Bug: 30118730
Change-Id: Ieab60fd18221108ae27c54140a25061ab29ca1a3
2016-07-15 14:36:50 -07:00
Mark Salyzyn
35f7799f16 Merge \"logd: trailing spaces in log statistics\"
am: d59d16a49d

Change-Id: I3f9432af451b13e5641d8ab6a8c275516d636439
2016-07-15 19:04:49 +00:00
Mark Salyzyn
0adcc3e3e8 logd: trailing spaces in log statistics
Bug: 30118730
Change-Id: I8cccbc1da2cf8168ec9cf12f07df4cafef076558
2016-07-15 11:00:44 -07:00
Mark Salyzyn
6fb57f996a Merge \"logcatd: trampoline persist.logd.logpersistd to logd.logpersistd\"
am: 3ba829c75c

Change-Id: Iec3c591d5121be9451597e90b9a6467d7c9a6986
2016-07-13 18:02:23 +00:00
Mark Salyzyn
2591d483c8 logcatd: trampoline persist.logd.logpersistd to logd.logpersistd
Best practices so that device can set logd.logpersistd properties.
Values can be overriden with trampolines for persist.logd.logpersistd
values except as designed for empty content to keep out of the way.

This allows us to set logd.logpersistd* for a non-persistent collection
that does not survive a reboot, and to use persist.logd.logpersistd*
for persistent collection that does survive a reboot.

Added logd.logpersistd.enable to gate when logpersist service can be
run allowing the properties to be adjusted safely prior to this state
as is the case for device property.

NB: /init will complain when trying to trampoline an empty property,
    this is acceptable for functionality, but may be considered
    annoying from the logging perspective.

Bug: 28936216
Bug: 29831823
Change-Id: I97317e8eedfae4daa8e3ef39e64e7c5c23d8b573
2016-07-08 11:06:06 -07:00
Sami Tolvanen
589994504a resolve merge conflicts of a742d10 to nyc-dev-plus-aosp
Change-Id: Icf3257ee8a47f31ba812a5f47899b8022f4eedb7
2016-06-14 15:55:40 -07:00
Sami Tolvanen
a742d10277 Revert "logd: enforce policy integrity"
This reverts commit 0bdad0f231.

Bug: 26902605
Change-Id: I6ce8fa7bef63c45821628265c379970eb64963a2
2016-06-14 11:14:51 -07:00
Elliott Hughes
5f4a946c09 Use alignas for alignment.
Change-Id: I427c407a188682a360c74b2bd5a44dd62551ea66
2016-06-06 19:59:45 -07:00
Chih-Hung Hsieh
f0f94fe49b Fix misc-macro-parentheses warnings in liblog.
Bug: 28705665
Change-Id: Ib272a83cb93b09d986c19a40e23a2679b9e17558
2016-05-18 15:48:50 -07:00
Chih-Hung Hsieh
1cc82ce95c Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: I2cf746fd07addc6e6c22e98e2a5bb8a8ce47c885
2016-04-25 13:49:46 -07:00
Mark Salyzyn
b8a95bd3c9 logd: switch from android_ids to getpwuid
Bug: 27999086
Change-Id: I7f4e68b21f58789b4dcada04f9c27f5722940c02
2016-04-14 15:14:46 +00:00
Mark Salyzyn
07522c6e9b logd: check return values
(cherry pick from commit bf7d0b8875)

The setgid() and setuid() call failure in logd.daemon thread
do not block overall functionality, so clearly tell static
analyzer and developers that we do not care to check their
return values.

SideEffects: None

Bug: 27434072
Change-Id: I6fdc87e8311ebc0173716080bbd72c86b3f00f78
2016-03-02 11:37:21 -08:00
Mark Salyzyn
c348416198 logd: clarify release_Locked() for static analyzer
(cherry pick from commit 0ecdec7a09)

release_Locked() is called with a reference count and threadRunning,
the static analyzer can not tell this and estimates that a call to
delete this will occur. So let us invent a new call
release_nodelete_Locked() to ensure it is clear we will not be
arranging a delete this in the context of this code path. The
delete this will follow in the immediate codepath in this function
after threadRunning is cleared, and decRef_Locked() is called.

Change will also remove any developer FUD regarding release_Locked()
usage at this location.

SideEffects: None

Bug: 27434831
Change-Id: I91b060b2dadc72cc449fa381c934afb577bee037
2016-03-02 11:37:21 -08:00
Mark Salyzyn
bf7d0b8875 logd: check return values
The setgid() and setuid() call failure in logd.daemon thread
do not block overall functionality, so clearly tell static
analyzer and developers that we do not care to check their
return values.

SideEffects: None

Bug: 27434072
Change-Id: I6fdc87e8311ebc0173716080bbd72c86b3f00f78
2016-03-02 07:54:45 -08:00
Mark Salyzyn
0ecdec7a09 logd: clarify release_Locked() for static analyzer
release_Locked() is called with a reference count and threadRunning,
the static analyzer can not tell this and estimates that a call to
delete this will occur. So let us invent a new call
release_nodelete_Locked() to ensure it is clear we will not be
arranging a delete this in the context of this code path. The
delete this will follow in the immediate codepath in this function
after threadRunning is cleared, and decRef_Locked() is called.

Change will also remove any developer FUD regarding release_Locked()
usage at this location.

SideEffects: None

Bug: 27434831
Change-Id: I91b060b2dadc72cc449fa381c934afb577bee037
2016-03-02 07:38:34 -08:00
Sami Tolvanen
2060a83775 logd: add a comment about untrusted content in the audit log
A single space character in search terms separates us from a denial of
service attack that forces the device into safe mode.  This CL adds a
comment that hopefully stops the spaces from being accidentally deleted
in future.

Change-Id: I33b2632ef4211fa1688ac9c8f0cf7d0c667766c1
2016-02-29 14:10:59 -08:00
Sami Tolvanen
89e0429ce7 logd: stop log spam when integrity enforcement is suppressed
Bug: 27389331
Change-Id: I9f3bc21eb1b85b9fda4fa0a5c5b4da94e5e7cc1c
(cherry pick from commit abda9340e6)
2016-02-29 13:18:46 -08:00
Sami Tolvanen
abda9340e6 logd: stop log spam when integrity enforcement is suppressed
Bug: 27389331
Change-Id: I9f3bc21eb1b85b9fda4fa0a5c5b4da94e5e7cc1c
2016-02-29 12:08:39 -08:00
Nick Kralevich
99fb01e42a Revert "logd: Don't trigger an integrity failure on permissive SELinux denials"
external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b
ensures that no permissive domains can be on user builds, and
external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f
re-enables enforcing mode on cameraserver.

The conditions which lead to the integrity failure detection
triggering can no longer occur. Revert the patch which relaxed
the detection.

This reverts commit 33ee84f871.

Bug: 27313768
Bug: 26902605
Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
2016-02-27 08:31:57 -08:00
Nick Kralevich
33ee84f871 logd: Don't trigger an integrity failure on permissive SELinux denials
Only trigger an integrity failure if a policy is reloaded or
SELinux is disabled. Don't trigger the integrity failure if
we see a permissive=1 denial, which could occur if an SELinux
domain is in permissive mode.

Bug: 27313768
Bug: 26902605
Change-Id: Ib85a2799eb6378ae8acdb965b1812d691183fdd3
2016-02-26 17:00:15 -08:00
Mark Salyzyn
d26b2cacad logd: sock_alloc_send_pskb starves pruning
(cherry pick from commit 5c77ad55d0)

Allow socket send syscall to terminate after 32 seconds if reader
stalled because of memory pressure allocating new network buffers

Add a gTest to catch regressions, add security buffer to log_dump

Bug: 27242723
Change-Id: Idaa6699d9d284e7f5f723ae0e76b3d6aa3371489
2016-02-25 12:43:12 -08:00
Mark Salyzyn
317bfb923c logd: Allow (some) headers to be individually importable
(cherry pick from commit 2ad0bd0a9b)

LogReader.h needs to be individually importable.

Fix a few others, drop includes of local includes, let them be
included in source instead and allow headers to be included
alphabetically. Was not a complete audit since goal was to
separate LogReader.h out from the pack.

Bug: 27242723
Change-Id: Ic7759ef90995e5bd285810706af33550c73cf5b5
2016-02-25 12:42:31 -08:00
Mark Salyzyn
5c77ad55d0 logd: sock_alloc_send_pskb starves pruning
Allow socket send syscall to terminate after 32 seconds if reader
stalled because of memory pressure allocating new network buffers

Add a gTest to catch regressions, add security buffer to log_dump

Bug: 27242723
Change-Id: Idaa6699d9d284e7f5f723ae0e76b3d6aa3371489
2016-02-24 10:15:32 -08:00
Mark Salyzyn
2ad0bd0a9b logd: Allow (some) headers to be individually importable
LogReader.h needs to be individually importable.

Fix a few others, drop includes of local includes, let them be
included in source instead and allow headers to be included
alphabetically. Was not a complete audit since goal was to
separate LogReader.h out from the pack.

Bug: 27242723
Change-Id: Ic7759ef90995e5bd285810706af33550c73cf5b5
2016-02-24 10:15:22 -08:00
Sami Tolvanen
0bdad0f231 logd: enforce policy integrity
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.

This change deprecates the ro.logd.auditd property.

Needs matching changes from
  I781c3059ea8d4fb2f0c923e4488b1932d69678d3
  Ica825cf2af74f5624cf4091544bd24bb5482dbe7
  Id3ca7889ede30b54b7af73dd50653ca1a20d59aa

Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
(cherry picked from commit d122ee65b6)
2016-02-22 14:00:43 -08:00
Sami Tolvanen
d122ee65b6 logd: enforce policy integrity
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.

This change deprecates the ro.logd.auditd property.

Needs matching changes from
  I781c3059ea8d4fb2f0c923e4488b1932d69678d3
  Ica825cf2af74f5624cf4091544bd24bb5482dbe7
  Id3ca7889ede30b54b7af73dd50653ca1a20d59aa

Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
2016-02-16 12:54:54 -08:00
Mark Salyzyn
d1f41d606b logd: use ro.debuggable instead of ro.build.type
Change-Id: Ic644f1f78e68094f700834675f4acc63386a6b92
2016-02-10 10:23:03 -08:00
Mark Salyzyn
d048f113a3 logd: add internal prdebug function
Usage: android::prdebug(const char *fmt, ...) __printflike(1, 2);

Will add logd prefix tag, log as debug priority in kernel logs,
and will suffix a newline if one is not supplied. To be used to
aid debugging of the logger only.

Change-Id: I217326ef34dc4eb0ea076bacb7a7a8b564c931c3
2016-02-09 07:46:39 -08:00
Mark Salyzyn
0604f6fbae init.rc: too many start logd
Bug: 26934873
Change-Id: Ia00da6253a50bedc8ba825df1cf641b86cdebeed
2016-02-02 16:01:17 -08:00
Mark Salyzyn
8fa8896d2e logd: security buffer only AID_SYSTEM reader
- limit AID_SYSTEM uid or gid to read security buffer messages
- adjust liblog tests to reflect the reality of this adjustment

To fully test all security buffer paths and modes

$ su 0,0,0 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 1000,1000,1000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 2000,2000,2000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*

ToDo: Integrate the above individually into the gTest Q/A testing

Bug: 26029733
Change-Id: Idcf5492db78fa6934ef6fb43f3ef861052675651
2016-02-01 13:29:06 -08:00
Mark Salyzyn
c85ce9ba8e Merge "Revert "logd: security buffer only AID_SYSTEM reader"" 2016-01-26 22:38:58 +00:00
Mark Salyzyn
674ce6ef58 Revert "logd: security buffer only AID_SYSTEM reader"
This reverts commit 756332e88b.

Change-Id: Ib8607ac758b7e88a9db716ec4274ec0e4e3dc596
2016-01-26 21:47:35 +00:00
Mark Salyzyn
69ce7c5483 Merge "logd: security buffer only AID_SYSTEM reader" 2016-01-26 20:41:51 +00:00
Mark Salyzyn
756332e88b logd: security buffer only AID_SYSTEM reader
Bug: 26029733
Change-Id: I140e5eb8bb39271fa674744651127e3fc545cbe8
2016-01-26 07:20:29 -08:00
Mark Salyzyn
ef4e4f3f07 logd: test wrap functionality
Behavior is modified now, so react by fortifying the tests

Bug: 26447386
Change-Id: I6295783a0bc75282499aeba503a86bdb846908b5
2016-01-21 11:56:23 -08:00
Mark Salyzyn
7fd6c5c6f5 logd: prune maintain per-id watermark (part deux)
iterator corruption as we allow mLast to slip through the FIFO

Bug: 23685592
Bug: 26646087
Change-Id: Ifcbaecf390ee47b195c3d823d080c66c15db4530
2016-01-19 16:14:39 -08:00
Mark Salyzyn
7b7b2da6b8 Merge "logd: prune maintain per-id watermark" 2016-01-13 20:23:28 +00:00
Mark Salyzyn
ae6aa1f1ed Merge "logd: wrap timed entry too early, timeout immediately" 2016-01-12 21:57:50 +00:00
Mark Salyzyn
4690640760 logd: unaligned access on security buffer
Bug: 26485626
Change-Id: I990447ca59982bb2de15decda575fd0e2838b5ed
2016-01-12 10:09:31 -08:00
Mark Salyzyn
507eb9fec2 logd: prune maintain per-id watermark
Without this change LogBuffer::prune and LogBuffer::erase
contributes 16.7% and 1.79% respectively. With this change,
they contributes 3.06 and 2.33% respectively. Pruning is
performed roughly 1 in every 255 log entries, a periodic
tamer latency spike.

Bug: 23685592
Change-Id: I6ae1cf9f3559bca4cf448efe8bcb2b96a1914c54
2016-01-11 14:46:51 -08:00
Mark Salyzyn
0157097845 logd: wrap timed entry too early, timeout immediately
Bug: 26447386
Change-Id: I8d5588831f558061ef21b2a5aeedc865e9ae4cc7
2016-01-07 15:13:14 -08:00
Mark Salyzyn
1a5bac2069 Merge "Revert "logd: liblog: whitelist "snet_event_log""" 2016-01-06 21:22:04 +00:00
Mark Salyzyn
0ee8de3c2d Revert "logd: liblog: whitelist "snet_event_log""
Callers will not guarantee that they can or will ratelimit, we need to
retain the ability to blacklist snet_event_log as a result.

This reverts commit 6aa21b225d.

Bug: 26178938
Change-Id: Ibf47d2e23a84c56f5f72d02312c698df7ff2b601
2016-01-06 21:19:23 +00:00
Mark Salyzyn
66607ebc0e logd: document ro.logd.size
Bad comment advise in LogBuffer.cpp results in partners failing to
considering using ro.logd.size to set the platform buffer size
default.

NB: It is not good practice to increase the log buffer size to deal
with logspam, as increases will result in logd scale issues getting
closer to hitting the background cgroup cpu cap. Once we hit that
cap, logd spirals, pruning old entries slower than the incoming log
entries. logd.writer will take 100% cpu.

Change-Id: If4a7a74f300d078eeaed0ffd3eb3fd77d1f9fe90
2016-01-05 09:09:18 -08:00
Mark Salyzyn
ff8b8e838b logd: build breakage aosp-brillo-master @ 2508494
Change-Id: I38e506bc997c6e9759a064b517f9372a27d0e510
2015-12-30 13:46:07 -08:00
Mark Salyzyn
554630f94e Merge "logd: isMonotonic improvements" 2015-12-30 21:31:58 +00:00
Mark Salyzyn
6aa21b225d logd: liblog: whitelist "snet_event_log"
Dangerous bridge to cross to whitelist, who is special, who is not?
Rationalized as these events are used to catch exploits on platform.
As it stands no one should be allowed to block any messages in the
security context, not even for development purposes.

Bug: 26178938
Change-Id: Ibdc76bc0fe29ba05be168b623af1c9f41d7edbd2
2015-12-30 10:07:19 -08:00
Mark Salyzyn
10b82b6834 logd: isMonotonic improvements
Use 1972 as a right delineation. Otherwise use half way point
between the monotonic and realtime. Treat correction factor as
unsigned, ensure that any wrapping to a negative value is
dropped or set to EPOCH. Acknowledge that we can get a more
accurate time track by acquiring the time rather than relying on
healthd timestamp.

Bug: 26331432
Change-Id: I09075fca58676a30cf7d87baf2d4b0f53795abaa
2015-12-29 11:34:29 -08:00
Mark Salyzyn
bec3c3def9 logd: Add worst pid of system filter
- Add a new statistic that reports per pid and log_id for AID_SYSTEM
- Add a new pruning filter ~1000/! boolean
- Use this new statistic to prune on worst pid within AID_SYSTEM

Bug: 26029733
Bug: 21615139
Bug: 22855208
Change-Id: Iab5dd28f807dcf03d276372853883f3b6afa8294
2015-12-29 09:32:35 -08:00
Mark Salyzyn
9c66a58f21 logd: Allow flags "eng" and "svelte" in boolean
- enhance property_get_bool, drop property_get_bool_svelte
- enhance base properties with ro and persist variants
- update and fortify README.property
- primarily move auditd and kernel logger into a realm where
  they can be controlled by build properties.
- Move logd.klogd to logd.kernel, and add ro.logd.kernel
  and persist.logd.kernel.
- Add ro.logd.auditd and persist.logd.auditd.
- Document persist.logd.security
- Document log.tag and persist.logd.tag properties.
- Document ro.logd.size, persist.logd.size and logd.size
  properties.

Bug: 26178938
Bug: 26029733
Bug: 17760225
Change-Id: Ibc1a497e45d69db5cf52133937f7ba6fb1d6cd21
2015-12-22 07:44:31 -08:00
Mark Salyzyn
ee3b838e13 logd: statistics per-pid filter
Primarily gives access to the Chattiest TIDs and TAGs
associated with a pid.

Has a secondary effect of allowing us to pull out the
command line, comm and in some cases the associated
PACKAGE for a specific pid while the logs are still
present even if the executable is gone.

Bug: 26029733
Bug: 21615139
Change-Id: I1ea63165a680a9318360579b70b1512078ed5682
2015-12-18 13:17:37 -08:00
Mark Salyzyn
7b4a2049b0 logd: test drop __unused
Change-Id: I1ccf49809b8a0a125601bdb52834c463e2d94165
2015-12-18 10:35:00 -08:00
Mark Salyzyn
236fecd923 Merge "logd: ro.config.low_ram set buffer size to 64K" 2015-12-17 23:47:14 +00:00
Mark Salyzyn
1d9c7e728f logd: simpleperf inspired optimizations
memset is hot on log writes with too much overhead, not required.

Bug: 24444530
Bug: 23685592
Change-Id: Ibe3c83abca6774fc79a3be461f2f1585f4a9b1ff
2015-12-15 14:24:04 -08:00
Mark Salyzyn
cdda62b2c1 logd: ro.config.low_ram set buffer size to 64K
Bug: 25792367
Change-Id: Icae85a7de70b3a71f89b2bf8c80866649f727177
2015-12-14 14:37:07 -08:00
Mark Salyzyn
86052a5d4f Merge "logd: liblog: logcat: Add LOG_ID_SECURITY" 2015-12-11 17:33:33 +00:00
Mark Salyzyn
30edbdce9b Merge changes I598c8c5c,I672b0f4d,Id882978b,Idff5e080,Ib124eca1, ...
* changes:
  logger.h: reduce maximum payload so sum is page size
  liblog: test for maximum payload can not survive change
  liblog: logprint use uid name if length less then 5
  liblog: logprint add uid format modifier
  liblog: readlog apps get logger_entry_v4 for pstore
  logd: readlog apps get logger_entry_v4
  logger.h: Add definition for logger_entry_v4
2015-12-11 16:42:28 +00:00
Mark Salyzyn
ad9dac1c27 Merge "logd: best 2/3 filter for timezone glitches" 2015-12-10 23:38:03 +00:00
Mark Salyzyn
b06247d9a0 logd: best 2/3 filter for timezone glitches
klogd is sensitive to changes in timezone resulting in glitches
surrounding conversion to local realtime logging. logger manages
a map from monotonic to realtime, but the process is racey since
the system can change the timezone at any time, this catches those
cases where it glitches.

Bug: 21868540
Change-Id: I03de6675fcd04f18ba7306a24dc3d9e750d86976
2015-12-10 13:20:48 -08:00
Mark Salyzyn
f011a335f2 logd: logd-reinit exits with 194
Bug: 26115803
Change-Id: I6e8843ce9766756a40e6d176e0a822f62045c2af
2015-12-10 12:26:08 -08:00
Mark Salyzyn
7b87365ecf logd: readlog apps get logger_entry_v4
Adds the uid field to outgoing content for readlog applications.
AID_LOG, AID_ROOT and AID_SYSTEM gain access to the information.

Bug: 25996918
Change-Id: I0254303c19d174cbf5e722c38844be5c54410c85
2015-12-09 08:12:07 -08:00
Mark Salyzyn
083b037c07 logd: liblog: logcat: Add LOG_ID_SECURITY
- Largish commit, buffer and access controls done together
- Add LOG_ID_SECURITY binary content log
- Add "default" meta buffer
- allow LOG_ID_SECURITY only from AID_SYSTEM and AID_ROOT UID & GID
- Use __android_log_security() to gate logging
- Add __android_log_security_bwrite() native access to security
  logging.
- Add liblog.__security_buffer end-to-end gTest

Bug: 26029733
Change-Id: Ibcf5b4660c17c1aa6902c0d93f8ffd29c93d9a93
2015-12-08 16:46:29 -08:00
Mark Salyzyn
fc9f5b8af4 logd: test wakeup on wrap timeout
Change-Id: I8dd605452f1fef7706a627eedc251e39bb2e34cc
2015-12-07 14:24:02 -08:00
Mark Salyzyn
b75cce0389 logd: wakeup on wrap or timeout
If a timeout is specified for the reader, then go to sleep
with the socket open. If the start time is about to get
pruned in the specified log buffers, then wakeup and dump
the logs; or wakeup on timeout, whichever comes first.

Bug: 25929746
Change-Id: I7d2421c2c5083b33747b84f74d9a560d3ba645df
2015-12-07 14:24:02 -08:00
Mark Salyzyn
3ea02e8eca Merge "logd: test: leniency towards background cgroup" 2015-12-07 20:59:34 +00:00
Mark Salyzyn
2e2d2edc59 Merge "logd: test: statistics report chatty effective percentage" 2015-12-07 19:30:51 +00:00
Mark Salyzyn
074f542476 logd: test: leniency towards background cgroup
Accepting a new lower standard of performance due to
the realities of the background cgroup.

Change-Id: Icd85050ffbf7f0129dd4c053323faedd0ff74048
2015-12-07 11:26:12 -08:00
Mark Salyzyn
f33657da4d logd: test: statistics report chatty effective percentage
Add parsing to recognize optional chatty effective
percentage field as reported in the logger statistics.

Bug: 22855208
Change-Id: Id9c5e4a907ed0f9319beb9ddbfa27f4844bffc7d
2015-12-07 11:10:04 -08:00
Mark Salyzyn
ba7a9a016b logd: liblog: logcat: switch to android_log_clockid() (2)
android_log_timestamp returns the property leading letter,
it is better to return a clockid_t with android_log_clockid()

Bug: 23668800
Change-Id: I38dee773bf3844177826b03a26b03215c79a5359
2015-12-07 18:45:31 +00:00
Mark Salyzyn
b566435b02 Merge "Revert "logd: liblog: logcat: switch to android_log_clockid()"" 2015-12-07 18:31:44 +00:00
Mark Salyzyn
9e18cdcebd Revert "logd: liblog: logcat: switch to android_log_clockid()"
This reverts commit 77b5696b1d.

Change-Id: I7711bf1a7e3f72ed29a2498d7287b725a0e624bd
2015-12-07 18:30:58 +00:00
Mark Salyzyn
9eca0e775b Merge "logd: liblog: logcat: switch to android_log_clockid()" 2015-12-07 18:16:29 +00:00
Elliott Hughes
4f71319df0 Track rename of base/ to android-base/.
Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-04 22:00:26 -08:00
Mark Salyzyn
77b5696b1d logd: liblog: logcat: switch to android_log_clockid()
android_log_timestamp returns the property leading letter,
it is better to return a clockid_t with android_log_clockid()

Bug: 23668800
Change-Id: I3c4e3e6b87f6676950797f1f0e203b44c542ed43
2015-12-04 14:49:19 -08:00
Mark Salyzyn
e6cf1c6372 Merge "Revert "liblog: resolve deadlocks"" 2015-11-16 19:07:47 +00:00
Mark Salyzyn
c2e7d4965f Revert "liblog: resolve deadlocks"
This reverts commit 7a2a307192.

Bug: 25693940
Change-Id: I9a7c926289e972f80c03c92e33535e1dedaa7381
2015-11-16 19:00:41 +00:00
Mark Salyzyn
eb29808615 logd: klogd: parse error
Resolve three areas missing taglen checking. Add some additional
limit-checking paranoia. Problem started when p was allowed to
go beyond the size of the incoming buffer in some blind
p = cp + 1 fragments, placed the check for that after them all
before harm could be done, rather than in each location.

Bug: 25620123
Change-Id: Ib5687fd30ef0cd3ba3bc0df310b436ad675ccabc
2015-11-13 07:58:05 -08:00
Mark Salyzyn
7a2a307192 liblog: resolve deadlocks
Although ever present, an increased regression introduced with
commit b6bee33182 (liblog: logd:
support logd.timestamp = monotonic).

A signal handler can interrupt in locked context, if log is written
in the signal handler, we are in deadlock. Block signals while we
are locked. Separate out timestamp lock from is loggable lock to
reduce contention situations. Provide a best-guess response if
lock would fail in timestamp path.

Bug: 25563384
Change-Id: I6dccd6b99ebace1c473c03a785a35c63ed5c6a8a
2015-11-12 15:39:04 -08:00
Nick Kralevich
c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
Mark Salyzyn
8897a3fffd Merge "liblog: logd: support logd.timestamp = monotonic" 2015-11-04 00:31:53 +00:00
Mark Salyzyn
50122695d2 logd: pruning time horizon
Estimate a time horizon of ten fold for worst UID pruning

Bug: 24782000
Change-Id: I7118deb6d42531c68ed2ac2a59c57b0580b942cc
2015-11-03 15:34:15 -08:00
Mark Salyzyn
b6bee33182 liblog: logd: support logd.timestamp = monotonic
if ro.logd.timestamp or persist.logd.timestamp are set to the value
monotonic then liblog writer, liblog printing and logd all switch to
recording/printing monotonic time rather than realtime. If reinit
detects a change for presist.logd.timestamp, correct the older entry
timestamps in place.

ToDo: A corner case condition where new log entries in monotonic time
      occur before logd reinit detects persist.logd.timestamp, there
      will be a few out-of-order entries, but with accurate
      timestamps. This problem does not happen for ro.logd.timestamp
      as it is set before logd starts.

NB: This offers a nano second time accuracy on all log entries
    that may be more suitable for merging with other system
    activities, such as systrace, that also use monotonic time. This
    feature is for debugging.

Bug: 23668800
Change-Id: Iee6dab7140061b1a6627254921411f61b01aa5c2
2015-11-03 15:15:51 -08:00
Mark Salyzyn
14105639a9 Merge "logd: statistics report chatty effective percentage"
am: d2c8cf8265

* commit 'd2c8cf826587de9ef1269ba22fd70df00f874c23':
  logd: statistics report chatty effective percentage
2015-10-30 22:02:15 +00:00
Mark Salyzyn
2c0f84da2e Merge "logd: Add support for *.logd.filter"
am: 95ec339f5e

* commit '95ec339f5ef68696630df470e172bbb306faa1b6':
  logd: Add support for *.logd.filter
2015-10-30 22:02:10 +00:00
Mark Salyzyn
c723df805a logd: statistics report chatty effective percentage
Report the ESTIMATED instantaneous percentage decrease or increase
that an UID has to the logs as a result of the chatty filtration.

Bug: 22855208
Change-Id: If1e77afb81a2739a72b39bc7c57071763c1d64d8
2015-10-30 14:54:17 -07:00
Mark Salyzyn
932f7acc81 logd: Add support for *.logd.filter
- Add device (ro.logd.filter), persistent (persist.logd.filter)
  properties to control the default filters
- Allow logcat -P default to produce expected results
- Allow logcat -P disable to produce expected results

Change-Id: I651cb705373ec1e88a99e4b9086da4f9668a468a
2015-10-30 14:54:17 -07:00
Andreas Gampe
31e78998b0 Merge "Logd: Fix missing include of rc file"
am: 054c099f1b

* commit '054c099f1bbc814e7b20cc20c3ba369161e130e7':
  Logd: Fix missing include of rc file
2015-10-23 04:15:51 +00:00
Andreas Gampe
f5852ce11b Logd: Fix missing include of rc file
This went missing in commit aeca97ba1c.

Change-Id: I9d7e48a2ffb1649f3fa515a9d12d5fbdd2ed58b7
2015-10-22 20:36:53 -07:00
Daniel Cashman
2d78403633 Merge "logd: use libpackageparser"
am: 89065609c9

* commit '89065609c904c8ffdf0fdaec13ede2989ceb110e':
  logd: use libpackageparser
2015-10-22 23:12:10 +00:00
William Roberts
aeca97ba1c logd: use libpackageparser
Switch from the internal packages.list file parser
implementation to a common parser library.

Change-Id: I87a406802f95d8e7bfd8ee85f723f80e9e6b6c0c
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-14 20:22:44 -07:00
Mark Salyzyn
ff5ef45e29 am cee44732: Merge "logd: correct for number of elements in prune"
* commit 'cee44732e61c3e0f9491aa6cea78670ed6c9c89d':
  logd: correct for number of elements in prune
2015-10-13 22:25:43 +00:00
Mark Salyzyn
58b8be8906 logd: correct for number of elements in prune
Chatty logs would distort the average log size by elevating the
elements, but not the size. Add statistical collection for the
number of elements that report chatty, and subtract that from
the number of elements to improve the pruning estimate. Pick
minElements as 1% rather than 10% of the total with this more
accurate number of elements, to a minumum of 4.

Bug: 24511000
Change-Id: I3f36558138aa0b2a50e4fac6440c3a8505d95276
2015-10-13 13:43:16 -07:00
Mark Salyzyn
904864554e am 9b3a2784: Merge "logd: use coalesce instead of merge (cleanup)"
* commit '9b3a2784b94d88492906384ab3f3c9863f6b5eea':
  logd: use coalesce instead of merge (cleanup)
2015-10-13 16:52:02 +00:00
Mark Salyzyn
9b3a2784b9 Merge "logd: use coalesce instead of merge (cleanup)" 2015-10-13 16:47:15 +00:00
Mark Salyzyn
7c009ac097 am 1c04253a: Merge "logd: object layer format statistics"
* commit '1c04253af2077de0250e4082cadd4f9bfffc4ea2':
  logd: object layer format statistics
2015-10-12 22:14:26 +00:00
Mark Salyzyn
1c04253af2 Merge "logd: object layer format statistics" 2015-10-12 22:10:30 +00:00
Mark Salyzyn
aaad42f47c logd: use coalesce instead of merge (cleanup)
- switch to coalesce instead of merge in naming of functions
  and variables. Confusing since we also to merge-sorts and
  other activities in the logger.
- define maxPrune rather than using a number in the code path.

Bug: 24511000
2015-10-09 15:00:44 -07:00