Commit graph

20 commits

Author SHA1 Message Date
Mark Salyzyn
ce80da3018 logd: Add support for ro.logd.auditd.[main|events]
log selinux audit messages boolean (true or false, default true)
selection for logging destinations:

ro.logd.auditd - turn on logd.auditd to pick up violations.
ro.logd.auditd.dmesg - to the kernel log.
ro.logd.auditd.main - to the "main" log buffer.
ro.logd.auditd.events - to the "events" log buffer.

We used to also read logd.auditd.dmesg and persist.logd.auditd.dmesg
which do not get refreshed when /data mounts internally.  This is a
confusing state as these properties will be read after a logd crash
and restart, adjusting the behavior of the logger.  Same can be said
for logd.auditd as well.  Drop reading these other parameters.

Test: manual set r/o parameters, stop/start logd to confirm behavior
Bug: 33969000
Bug: 27878170
Change-Id: I1a6bb4a903074c9aa7b227cf583a0094d49cbefd
2017-01-03 09:44:42 -08:00
Mark Salyzyn
6fb57f996a Merge \"logcatd: trampoline persist.logd.logpersistd to logd.logpersistd\"
am: 3ba829c75c

Change-Id: Iec3c591d5121be9451597e90b9a6467d7c9a6986
2016-07-13 18:02:23 +00:00
Mark Salyzyn
2591d483c8 logcatd: trampoline persist.logd.logpersistd to logd.logpersistd
Best practices so that device can set logd.logpersistd properties.
Values can be overriden with trampolines for persist.logd.logpersistd
values except as designed for empty content to keep out of the way.

This allows us to set logd.logpersistd* for a non-persistent collection
that does not survive a reboot, and to use persist.logd.logpersistd*
for persistent collection that does survive a reboot.

Added logd.logpersistd.enable to gate when logpersist service can be
run allowing the properties to be adjusted safely prior to this state
as is the case for device property.

NB: /init will complain when trying to trampoline an empty property,
    this is acceptable for functionality, but may be considered
    annoying from the logging perspective.

Bug: 28936216
Bug: 29831823
Change-Id: I97317e8eedfae4daa8e3ef39e64e7c5c23d8b573
2016-07-08 11:06:06 -07:00
Sami Tolvanen
589994504a resolve merge conflicts of a742d10 to nyc-dev-plus-aosp
Change-Id: Icf3257ee8a47f31ba812a5f47899b8022f4eedb7
2016-06-14 15:55:40 -07:00
Sami Tolvanen
a742d10277 Revert "logd: enforce policy integrity"
This reverts commit 0bdad0f231.

Bug: 26902605
Change-Id: I6ce8fa7bef63c45821628265c379970eb64963a2
2016-06-14 11:14:51 -07:00
Sami Tolvanen
0bdad0f231 logd: enforce policy integrity
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.

This change deprecates the ro.logd.auditd property.

Needs matching changes from
  I781c3059ea8d4fb2f0c923e4488b1932d69678d3
  Ica825cf2af74f5624cf4091544bd24bb5482dbe7
  Id3ca7889ede30b54b7af73dd50653ca1a20d59aa

Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
(cherry picked from commit d122ee65b6)
2016-02-22 14:00:43 -08:00
Sami Tolvanen
d122ee65b6 logd: enforce policy integrity
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.

This change deprecates the ro.logd.auditd property.

Needs matching changes from
  I781c3059ea8d4fb2f0c923e4488b1932d69678d3
  Ica825cf2af74f5624cf4091544bd24bb5482dbe7
  Id3ca7889ede30b54b7af73dd50653ca1a20d59aa

Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
2016-02-16 12:54:54 -08:00
Mark Salyzyn
d1f41d606b logd: use ro.debuggable instead of ro.build.type
Change-Id: Ic644f1f78e68094f700834675f4acc63386a6b92
2016-02-10 10:23:03 -08:00
Mark Salyzyn
66607ebc0e logd: document ro.logd.size
Bad comment advise in LogBuffer.cpp results in partners failing to
considering using ro.logd.size to set the platform buffer size
default.

NB: It is not good practice to increase the log buffer size to deal
with logspam, as increases will result in logd scale issues getting
closer to hitting the background cgroup cpu cap. Once we hit that
cap, logd spirals, pruning old entries slower than the incoming log
entries. logd.writer will take 100% cpu.

Change-Id: If4a7a74f300d078eeaed0ffd3eb3fd77d1f9fe90
2016-01-05 09:09:18 -08:00
Mark Salyzyn
bec3c3def9 logd: Add worst pid of system filter
- Add a new statistic that reports per pid and log_id for AID_SYSTEM
- Add a new pruning filter ~1000/! boolean
- Use this new statistic to prune on worst pid within AID_SYSTEM

Bug: 26029733
Bug: 21615139
Bug: 22855208
Change-Id: Iab5dd28f807dcf03d276372853883f3b6afa8294
2015-12-29 09:32:35 -08:00
Mark Salyzyn
9c66a58f21 logd: Allow flags "eng" and "svelte" in boolean
- enhance property_get_bool, drop property_get_bool_svelte
- enhance base properties with ro and persist variants
- update and fortify README.property
- primarily move auditd and kernel logger into a realm where
  they can be controlled by build properties.
- Move logd.klogd to logd.kernel, and add ro.logd.kernel
  and persist.logd.kernel.
- Add ro.logd.auditd and persist.logd.auditd.
- Document persist.logd.security
- Document log.tag and persist.logd.tag properties.
- Document ro.logd.size, persist.logd.size and logd.size
  properties.

Bug: 26178938
Bug: 26029733
Bug: 17760225
Change-Id: Ibc1a497e45d69db5cf52133937f7ba6fb1d6cd21
2015-12-22 07:44:31 -08:00
Mark Salyzyn
b6bee33182 liblog: logd: support logd.timestamp = monotonic
if ro.logd.timestamp or persist.logd.timestamp are set to the value
monotonic then liblog writer, liblog printing and logd all switch to
recording/printing monotonic time rather than realtime. If reinit
detects a change for presist.logd.timestamp, correct the older entry
timestamps in place.

ToDo: A corner case condition where new log entries in monotonic time
      occur before logd reinit detects persist.logd.timestamp, there
      will be a few out-of-order entries, but with accurate
      timestamps. This problem does not happen for ro.logd.timestamp
      as it is set before logd starts.

NB: This offers a nano second time accuracy on all log entries
    that may be more suitable for merging with other system
    activities, such as systrace, that also use monotonic time. This
    feature is for debugging.

Bug: 23668800
Change-Id: Iee6dab7140061b1a6627254921411f61b01aa5c2
2015-11-03 15:15:51 -08:00
Mark Salyzyn
932f7acc81 logd: Add support for *.logd.filter
- Add device (ro.logd.filter), persistent (persist.logd.filter)
  properties to control the default filters
- Allow logcat -P default to produce expected results
- Allow logcat -P disable to produce expected results

Change-Id: I651cb705373ec1e88a99e4b9086da4f9668a468a
2015-10-30 14:54:17 -07:00
Mark Salyzyn
100658c303 init.rc: logd: Add logpersistd (nee logcatd)
- logpersistd is defined as a thread or process in the context of the
  logd domain. Here we define logpersistd as logcat -f in logd domain
  and call it logcatd to represent its service mechanics.
- Use logcatd to manage content in /data/misc/logd/ directory.
- Only turn on for persist.logd.logpersistd = logcatd.
- Add logpersist.start, logpersist.stop and logpersist.cat debug
  class executables, thus only in the eng and userdebug builds.

ToDo: Wish to add Developer Options menu to turn this feature on or
off, complicated by the fact that user builds have no tools with
access rights to /data/misc/logd.

Bug: 19608716
Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
2015-06-02 15:17:59 -07:00
Mark Salyzyn
ae4d928d81 logd: Add klogd
- Add a klogd to collect the kernel logs and place them into a
  new kernel log buffer
- Parse priority, tag and message from the kernel log messages.
- Turn off pruning for worst UID for the kernel log buffer
- Sniff for 'PM: suspend exit', 'PM: suspend enter' and
  'Suspended for' messages and correct the internal definition
  time correction against monotonic dynamically.
- Discern if we have monotonic or real time (delineation 1980) in
  audit messages.
- perform appropriate math to correct the timestamp to be real time
- filter out any external sources of kernel logging

Change-Id: I8d4c7c5ac19f1f3218079ee3a05a50e2ca55f60d
2015-05-12 15:51:46 -07:00
Mark Salyzyn
4ed16b4381 Revert "logd: Add minimum time bucket statistics"
This forward port reverts
    commit e457b74ce6

No longer as necessary once we add
    liblog: Instrument logging of logd write drops
Although this provided an indication of how close statistically we
were to overloading logd it is simpler to understand fails thus to
hunt and peck a corrected value for /proc/sys/net/unix/max_dgram_qlen

Change-Id: I2b30e0fc30625a48fd11a12c2d2cc6a41f26226f
2015-03-04 13:21:41 -08:00
Mark Salyzyn
f5fc509589 logd: Add control statistics enable/disable.
- ro.build.type=user turn off statistics
- ro.config.low_ram=true turn off statistics
- logd.statistics override

Bug: 17526159
Bug: 17526187
Change-Id: I74796043ac34753c6dd10018719ebc0bcd94e00f
2014-10-06 22:42:47 +00:00
Mark Salyzyn
671e343c7d logd: logcat: Add persist.logd.size group of properties
- logd Add persist.logd.size (global), persist.logd.size.<logid>
- logcat report a more flexible multiplier in -g command.

Bug: 14563261
Bug: 14469172
Change-Id: Ie389caa14ad3ae3d4a3a3cc463425bb9dbc5e483
2014-05-06 14:58:41 -07:00
Mark Salyzyn
e0fa291e89 logd: add logd.auditd property
- permit us a mechanism to disable auditd
- standardize property boolean

Bug: 14275676
Change-Id: I76f245c6aee511ed44274159e0ea55915b484dda
2014-04-29 07:25:27 -07:00
Mark Salyzyn
7260a5c348 logd: Add README.property
Change-Id: I89da10a73470b037f1811a9890d959cae186f257
2014-04-24 15:07:54 -07:00