Diffstat (limited to 'logd/LogAudit.cpp')
-rw-r--r--logd/LogAudit.cpp120
1 files changed, 58 insertions, 62 deletions
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index ee2f32d..caae54b 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -15,39 +15,44 @@
*/
#include <ctype.h>
+#include <endian.h>
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdlib.h>
-#include <sys/klog.h>
#include <sys/prctl.h>
#include <sys/uio.h>
#include <syslog.h>
+#include <private/android_filesystem_config.h>
+#include <private/android_logger.h>
+
#include "libaudit.h"
#include "LogAudit.h"
-#define KMSG_PRIORITY(PRI) \
- '<', \
- '0' + (LOG_AUTH | (PRI)) / 10, \
- '0' + (LOG_AUTH | (PRI)) % 10, \
+#define KMSG_PRIORITY(PRI) \
+ '<', \
+ '0' + LOG_MAKEPRI(LOG_AUTH, LOG_PRI(PRI)) / 10, \
+ '0' + LOG_MAKEPRI(LOG_AUTH, LOG_PRI(PRI)) % 10, \
'>'
-LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmsg)
+LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmesg)
: SocketListener(getLogSocket(), false)
, logbuf(buf)
, reader(reader)
- , fdDmesg(-1) {
+ , fdDmesg(fdDmesg)
+ , initialized(false) {
static const char auditd_message[] = { KMSG_PRIORITY(LOG_INFO),
'l', 'o', 'g', 'd', '.', 'a', 'u', 'd', 'i', 't', 'd', ':',
' ', 's', 't', 'a', 'r', 't', '\n' };
- write(fdDmsg, auditd_message, sizeof(auditd_message));
- logDmesg();
- fdDmesg = fdDmsg;
+ write(fdDmesg, auditd_message, sizeof(auditd_message));
}
bool LogAudit::onDataAvailable(SocketClient *cli) {
- prctl(PR_SET_NAME, "logd.auditd");
+ if (!initialized) {
+ prctl(PR_SET_NAME, "logd.auditd");
+ initialized = true;
+ }
struct audit_message rep;
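Review bot: The constructor calls `write(fdDmesg, auditd_message, sizeof(auditd_message));` without the `fdDmesg >= 0` test that logPrint() applies before writing to the same descriptor, and the return value is discarded. With a negative descriptor the call only fails with an error, but the two paths then disagree on what "no kmsg descriptor" means, and a lost start marker goes unnoticed. I would guard it the same way, `if (fdDmesg >= 0) { write(fdDmesg, auditd_message, sizeof(auditd_message)); }`. The body of onDataAvailable() continues past the end of this hunk.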
@@ -60,7 +65,8 @@ bool LogAudit::onDataAvailable(SocketClient *cli) {
return false;
}
- logPrint("type=%d %.*s", rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data);
+ logPrint("type=%d %.*s",
+ rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data);
return true;
}
@@ -87,7 +93,7 @@ int LogAudit::logPrint(const char *fmt, ...) {
}
bool info = strstr(str, " permissive=1") || strstr(str, " policy loaded ");
- if (fdDmesg >= 0) {
+ if ((fdDmesg >= 0) && initialized) {
struct iovec iov[3];
static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) };
static const char log_warning[] = { KMSG_PRIORITY(LOG_WARNING) };
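Review bot: The added `initialized` test in `if ((fdDmesg >= 0) && initialized)` has no comment explaining why the kmsg echo is held back until onDataAvailable() has run once. The flag is a plain member written in onDataAvailable() and read here. If logPrint() can also be reached from another thread through the new log() entry point (its caller is not part of this diff), that read is unsynchronised. I would add a short comment stating the reason for the gate, and make the flag `std::atomic<bool>` if two threads are in fact involved. logPrint() starts and ends outside this hunk.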
@@ -105,7 +111,7 @@ int LogAudit::logPrint(const char *fmt, ...) {
pid_t pid = getpid();
pid_t tid = gettid();
- uid_t uid = getuid();
+ uid_t uid = AID_LOGD;
log_time now;
static const char audit_str[] = " audit(";
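Review bot: `uid_t uid = AID_LOGD;` should carry a comment, because it changes the uid that every audit entry is stored under from the process's real uid to a fixed constant. Anything that filters, prunes or accounts log entries by uid will now see these records as logd's regardless of the uid the daemon is running as at that moment, and the hunk does not say why the constant is preferred. If that is the intent, a line such as `// attribute audit records to logd itself, independent of the current process uid` would make it explicit. The rest of logPrint() lies outside this hunk.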
@@ -136,31 +142,27 @@ int LogAudit::logPrint(const char *fmt, ...) {
// log to events
size_t l = strlen(str);
- size_t n = l + sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t);
+ size_t n = l + sizeof(android_log_event_string_t);
bool notify = false;
- char *newstr = reinterpret_cast<char *>(malloc(n));
- if (!newstr) {
+ android_log_event_string_t *event = static_cast<android_log_event_string_t *>(malloc(n));
+ if (!event) {
rc = -ENOMEM;
} else {
- cp = newstr;
- *cp++ = AUDITD_LOG_TAG & 0xFF;
- *cp++ = (AUDITD_LOG_TAG >> 8) & 0xFF;
- *cp++ = (AUDITD_LOG_TAG >> 16) & 0xFF;
- *cp++ = (AUDITD_LOG_TAG >> 24) & 0xFF;
- *cp++ = EVENT_TYPE_STRING;
- *cp++ = l & 0xFF;
- *cp++ = (l >> 8) & 0xFF;
- *cp++ = (l >> 16) & 0xFF;
- *cp++ = (l >> 24) & 0xFF;
- memcpy(cp, str, l);
-
- logbuf->log(LOG_ID_EVENTS, now, uid, pid, tid, newstr,
- (n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
- free(newstr);
-
- notify = true;
+ event->header.tag = htole32(AUDITD_LOG_TAG);
+ event->type = EVENT_TYPE_STRING;
+ event->length = htole32(l);
+ memcpy(event->data, str, l);
+
+ rc = logbuf->log(LOG_ID_EVENTS, now, uid, pid, tid,
+ reinterpret_cast<char *>(event),
+ (n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
+ free(event);
+
+ if (rc >= 0) {
+ notify = true;
+ }
}
// log to main
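Review bot: `event->length = htole32(l);` stores the full string length even when the size passed to `logbuf->log()` is clamped to `USHRT_MAX`. For an over-long message the embedded length field would then describe more bytes than the entry holds, and a reader that trusts it could run past the payload. Whether `str` can get that long is not visible in this hunk, so the case may be unreachable in practice. Keeping header and payload consistent costs little: compute a clamped length first, for example `size_t el = (l > USHRT_MAX - sizeof(*event)) ? USHRT_MAX - sizeof(*event) : l;`, and use `el` for `n`, `event->length` and the `memcpy`. logPrint() begins and ends outside this hunk.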
@@ -188,7 +190,7 @@ int LogAudit::logPrint(const char *fmt, ...) {
}
n = (estr - str) + strlen(ecomm) + l + 2;
- newstr = reinterpret_cast<char *>(malloc(n));
+ char *newstr = static_cast<char *>(malloc(n));
if (!newstr) {
rc = -ENOMEM;
} else {
@@ -197,50 +199,44 @@ int LogAudit::logPrint(const char *fmt, ...) {
strncpy(newstr + 1 + l, str, estr - str);
strcpy(newstr + 1 + l + (estr - str), ecomm);
- logbuf->log(LOG_ID_MAIN, now, uid, pid, tid, newstr,
- (n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
+ rc = logbuf->log(LOG_ID_MAIN, now, uid, pid, tid, newstr,
+ (n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
free(newstr);
- notify = true;
+ if (rc >= 0) {
+ notify = true;
+ }
}
free(str);
if (notify) {
reader->notifyNewLog();
+ if (rc < 0) {
+ rc = n;
+ }
}
return rc;
}
-void LogAudit::logDmesg() {
- int len = klogctl(KLOG_SIZE_BUFFER, NULL, 0);
- if (len <= 0) {
- return;
+int LogAudit::log(char *buf) {
+ char *audit = strstr(buf, " audit(");
+ if (!audit) {
+ return -EXDEV;
}
- len++;
- char buf[len];
+ *audit = '\0';
- int rc = klogctl(KLOG_READ_ALL, buf, len);
-
- buf[len - 1] = '\0';
-
- for(char *tok = buf; (rc >= 0) && ((tok = strtok(tok, "\r\n"))); tok = NULL) {
- char *audit = strstr(tok, " audit(");
- if (!audit) {
- continue;
- }
-
- *audit++ = '\0';
-
- char *type = strstr(tok, "type=");
- if (type) {
- rc = logPrint("%s %s", type, audit);
- } else {
- rc = logPrint("%s", audit);
- }
+ int rc;
+ char *type = strstr(buf, "type=");
+ if (type) {
+ rc = logPrint("%s %s", type, audit + 1);
+ } else {
+ rc = logPrint("%s", audit + 1);
}
+ *audit = ' ';
+ return rc;
}
int LogAudit::getLogSocket() {
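Review bot: The new `LogAudit::log(char *buf)` turns any buffer containing ` audit(` into an audit record in the events and main logs, and nothing in the function checks where the line came from. Its caller is not part of this diff; if it feeds lines read from the kernel log, it is worth confirming that lines written there by userspace are filtered out before they reach this function, since they would otherwise be stored as audit records. The function also needs a doc comment for its contract: `buf` must be writable and NUL-terminated, it is modified in place and restored before return, and `-EXDEV` means "not an audit line". Separately, in the `if (notify)` block, `rc = n;` reports the main-log size as success even when only the events write succeeded, which hides the main-log failure from the caller.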