openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge "Send property_service AVC messages to the kernel audit system"

This commit is contained in:
Treehugger Robot 2017-01-03 23:24:47 +00:00 committed by Gerrit Code Review
parent 5badada997 8adb4d9d12
commit d06f86ced6
2 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
init/Android.mk
View File

@ -54,7 +54,7 @@ LOCAL_SRC_FILES:= \
service.cpp \
util.cpp \
LOCAL_STATIC_LIBRARIES := libbase libselinux liblog libprocessgroup
LOCAL_STATIC_LIBRARIES := libbase libselinux liblog libprocessgroup libnl
LOCAL_WHOLE_STATIC_LIBRARIES := libcap
LOCAL_MODULE := libinit
LOCAL_SANITIZE := integer
@ -103,7 +103,8 @@ LOCAL_STATIC_LIBRARIES := \
libdl \
libsparse_static \
libz \
libprocessgroup
libprocessgroup \
libnl \
# Create symlinks.
LOCAL_POST_INSTALL_CMD := $(hide) mkdir -p $(TARGET_ROOT_OUT)/sbin; \

31
init/log.cpp
View File

@ -19,6 +19,8 @@
#include <fcntl.h>
#include <string.h>
#include <linux/audit.h>
#include <netlink/netlink.h>
#include <selinux/selinux.h>
void InitKernelLogging(char* argv[]) {
@ -38,6 +40,24 @@ void InitKernelLogging(char* argv[]) {
android::base::InitLogging(argv, &android::base::KernelLogger);
}
static void selinux_avc_log(char* buf, size_t buf_len) {
size_t str_len = strnlen(buf, buf_len);
// trim newline at end of string
buf[str_len - 1] = '\0';
struct nl_sock* sk = nl_socket_alloc();
if (sk == NULL) {
return;
}
nl_connect(sk, NETLINK_AUDIT);
int result;
do {
result = nl_send_simple(sk, AUDIT_USER_AVC, 0, buf, str_len);
} while (result == -NLE_INTR);
nl_socket_free(sk);
}
int selinux_klog_callback(int type, const char *fmt, ...) {
android::base::LogSeverity severity = android::base::ERROR;
if (type == SELINUX_WARNING) {
@ -48,8 +68,15 @@ int selinux_klog_callback(int type, const char *fmt, ...) {
char buf[1024];
va_list ap;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);
int res = vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
android::base::KernelLogger(android::base::MAIN, severity, "selinux", nullptr, 0, buf);
if (res <= 0) {
return 0;
}
if (type == SELINUX_AVC) {
selinux_avc_log(buf, sizeof(buf));
} else {
android::base::KernelLogger(android::base::MAIN, severity, "selinux", nullptr, 0, buf);
}
return 0;
}