247d682fe1
Processing overhead for selinux violation messages is costly. We want to deal with bursts of violations, but we have no intent of allowing that sustained burst to go unabated as there is a cost of processing and battery usage. Tunables in libaudit.h are: AUDIT_RATE_LIMIT_DEFAULT 20 /* acceptable burst rate */ AUDIT_RATE_LIMIT_BURST_DURATION 10 /* number of seconds of burst */ AUDIT_RATE_LIMIT_MAX 5 /* acceptable sustained rate */ Since we can only asymptotically handle DEFAULT rate, we set an upper threshold of half way between the MAX and DEFAULT rate. Default kernel audit subsystem message rate is set to 20 a second. If sepolicy exceeds 125 violation messages over up to ten seconds (>=~12/s), tell kernel audit subsystem to drop the rate to 5 messages a second. If rate drops below 50 messages over the past ten seconds (<5/s), tell kernel it is ok to increase the burst rate back to 20 messages a second. Test: gTest logd-unit-tests --gtest_filter=logd.sepolicy_rate_limiter_* Bug: 27878170 Change-Id: I843f8dcfbb3ecfbbe94a4865ea332c858e3be7f2
51 lines
1.6 KiB
Makefile
51 lines
1.6 KiB
Makefile
#
|
|
# Copyright (C) 2014 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
LOCAL_PATH := $(call my-dir)
|
|
|
|
# -----------------------------------------------------------------------------
|
|
# Benchmarks. (see ../../liblog/tests)
|
|
# -----------------------------------------------------------------------------
|
|
|
|
test_module_prefix := logd-
|
|
test_tags := tests
|
|
|
|
# -----------------------------------------------------------------------------
|
|
# Unit tests.
|
|
# -----------------------------------------------------------------------------
|
|
|
|
event_flag := -DAUDITD_LOG_TAG=1003 -DCHATTY_LOG_TAG=1004
|
|
|
|
test_c_flags := \
|
|
-fstack-protector-all \
|
|
-g \
|
|
-Wall -Wextra \
|
|
-Werror \
|
|
-fno-builtin \
|
|
$(event_flag)
|
|
|
|
test_src_files := \
|
|
logd_test.cpp
|
|
|
|
# Build tests for the logger. Run with:
|
|
# adb shell /data/nativetest/logd-unit-tests/logd-unit-tests
|
|
include $(CLEAR_VARS)
|
|
LOCAL_MODULE := $(test_module_prefix)unit-tests
|
|
LOCAL_MODULE_TAGS := $(test_tags)
|
|
LOCAL_CFLAGS += $(test_c_flags)
|
|
LOCAL_SHARED_LIBRARIES := libbase libcutils liblog libselinux
|
|
LOCAL_SRC_FILES := $(test_src_files)
|
|
include $(BUILD_NATIVE_TEST)
|