path: root/logd/LogAudit.cpp
Commit message (Author, Age, Files, Lines)
* logd: propagate ::log status (Mark Salyzyn, 2015-04-15, 1 file, -8/+15)
|
| Add a return value for the ::log() methods, this allows us to optimize
| the wakeup for the readers to only occur when the log message is
| actually placed. This is for a future where we may dedupe identical log
| messages, filter out log messages, and certainly if we filter the
| messages out with an internal logd check of __android_log_is_loggable().
|
| Change-Id: I763b2a7c29502ab7fa0a5d5022c7b60244fcfde4
* Merge "logd: syscall optimization" (Mark Salyzyn, 2015-04-15, 1 file, -1/+2)
|\
| * logd: syscall optimization (Mark Salyzyn, 2015-04-01, 1 file, -1/+2)
| |
| | - prset(PR_SET_NAME) call once
| | - No need to call getuid(), should be AID_LOGD
| |
| | Change-Id: I4dde0b178bc84e711b355cd7677b0dbf905a0634
* | logd: Don't embed a flexible array member within another struct (Nick Kralevich, 2015-04-07, 1 file, -3/+3)
|/
|
| C (but not C++) has a concept of a flexible array member, which is
| documented at https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html .
| Using a flexible array member indicates that the structure is really a
| header for a variable length object.
|
| In logd's case, the variable length structure android_event_string_t
| was embedded within another structure called
| android_log_event_string_t. This makes gcc's __builtin_object_size()
| function really confused. When compiling with C++,
| __builtin_object_size(android_log_event_string_t.payload.data, 1)
| would return 0, whereas if you compiled the code with C, the same call
| would (properly) return -1.
|
| Code which does automatic bounds checking, such as the proposed patch
| at https://android-review.googlesource.com/145411 , will cause
| problems for logd if this syntax is used.
|
| Don't try to embed a variable length structure within another
| structure. This doesn't appear to be valid C nor C++, and while it's
| worked, it seems problematic. Instead, inline the structure so it's
| one big happy structure.
|
| Change-Id: I8ac02b7142a4f6560f5f80df2effcf720f9896fc
* logd: report reinit (Mark Salyzyn, 2015-03-12, 1 file, -4/+4)
|
| Bug: 19681572
| Change-Id: I343b9d108f064f87df79512a0fdf1b35513c3136
* logd: use <endian.h> (Mark Salyzyn, 2015-03-04, 1 file, -18/+15)
|
| Change-Id: Iba843c054ea4fbe1a26c7821b5613fdb5e8001a1
* logd: auditd remove logDmesg method (Mark Salyzyn, 2014-12-05, 1 file, -33/+24)
|
| - logDmesg method consumes considerable memory resources
|   (typically 128KB depending on kernel)
| - In the future (eg: klogd, syslogd) there may be need to feed
|   multiple logs or threads with the retrieved data.
| - By moving the actions of logDmesg into the mainline that
|   instantiates the thread objects, we can leverage a single
|   allocation of the kernel log allocation.
| - logDmesg (private) is replaced with log (public) which has a
|   more useful and descriptive purpose for the class.
|
| Change-Id: Ie2dd0370661493c1e596a7e486904a0e8caab9ff
* logd: throttle SELinux denials to 20/sec (Nick Kralevich, 2014-11-19, 1 file, -1/+1)
|
| Impose a limit of 20 selinux denials per second. Denials beyond
| that point don't add any value, and have the potential to cause
| crashes or denial of service attacks.
|
| Do some other misc cleanup while I'm here.
|
| Bug: 18341932
| Change-Id: I6125d629ae4d6ae131d2e53bfa41e1f50277d402
* logd: auditd: report facility LOG_AUTH (Mark Salyzyn, 2014-09-28, 1 file, -4/+15)
|
| Change-Id: Ie325e1b58f52b6c728d5cfd6f6b87287fcf32e10
* logd: auditd: kmsg priority (Mark Salyzyn, 2014-09-19, 1 file, -9/+12)
|
| Change-Id: I2016fe140e2daf6c69efbd10aef205fffb931aa1
* logd: logcat: debuggerd: audit logs to events and main (Mark Salyzyn, 2014-05-27, 1 file, -26/+81)
|
| - auditd spawn log copy to events and main
| - logcat delete events as one of the default logs
| - debuggerd do not collect events.
| - squish multiple spaces
| - switch from strcpy to memmove for overlapping buffers
|
| BUG: 14626551
| Change-Id: I89b30273ce931ed2b25a53ea9be48e77f4c1bbf4
* logd: logcat: debuggerd: auditd logs to events (Mark Salyzyn, 2014-05-15, 1 file, -31/+15)
|
| - auditd switch to recording logs to events log id
| - logcat add events as one of the default logs
| - debuggerd collect events log as well.
|
| ToDo: debuggerd & bugreport collect intermixed logs.
|
| BUG: 14626551
| Change-Id: I958f0e729b7596748be57488a38824db5645be7b
* logd: add logd.auditd property (Mark Salyzyn, 2014-04-29, 1 file, -5/+7)
|
| - permit us a mechanism to disable auditd
| - standardize property boolean
|
| Bug: 14275676
| Change-Id: I76f245c6aee511ed44274159e0ea55915b484dda
* logd: add thread setname (Mark Salyzyn, 2014-04-29, 1 file, -0/+3)
|
| - permits easier determination of logd thread at fault in a
|   stack trace from debuggerd.
|
| Bug: 14275676
| Change-Id: Iac2c523147e2bcce34ab7ddcecd02582c5fa7cc0
* logd: auditd: add logd.auditd.dmesg property (Mark Salyzyn, 2014-04-07, 1 file, -4/+18)
|
| Change-Id: If4a579c2221eec99cf3f6acf59ead8c2d5230517
* logd: selinux auditd initial commit (William Roberts, 2014-04-07, 1 file, -0/+184)

  Initial commit for an audit daemon that writes kernel audit
  messages to the Android logger. The daemon searches dmesg
  for all lines that contain "audit" and writes them. Then
  receiving the messages from the netlink socket. It also
  formats the messages so they are compatible with ausearch
  (type=<t> <m> format)

  Modified: Mark Salyzyn <salyzyn@google.com>

  - do not start auditd
  - merge into logd, stripping unnecessary file logging.
  - Convert headers and code to support C++
  - Fix bugs in libaudit
  - squash timestamp (replace with 0.0) due to duplication
  - squash pid due to duplication
  - squash comm due to duplication

  Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe