Commit Graph

10 Commits

Author SHA1 Message Date
Mark Salyzyn eb06de716b logd: auditd remove logDmesg method
- logDmesg method consumes considerable memory
  resources (typically 128KB depending on kernel)
- In the future (eg: klogd, syslogd) there may be need to
  feed multiple logs or threads with the retrieved data.
- By moving the actions of logDmesg into the mainline that
  instantiates the thread objects, we can leverage a single
  allocation of the the kernel log allocation.
- logDmesg (private) is replaced with log (public) which
  has a more useful and descriptive purpose for the class.

Change-Id: Ie2dd0370661493c1e596a7e486904a0e8caab9ff
2014-12-05 20:56:44 +00:00
Nick Kralevich c234a1b879 logd: throttle SELinux denials to 20/sec
Impose a limit of 20 selinux denials per second. Denials beyond
that point don't add any value, and have the potential to cause
crashes or denial of service attacks.

Do some other misc cleanup while I'm here.

Bug: 18341932
Change-Id: I6125d629ae4d6ae131d2e53bfa41e1f50277d402
2014-11-19 13:35:36 -08:00
Mark Salyzyn 7ee2aef8e0 logd: auditd: report facility LOG_AUTH
Change-Id: Ie325e1b58f52b6c728d5cfd6f6b87287fcf32e10
2014-09-28 14:42:05 -07:00
Mark Salyzyn 6bdeee0ce6 logd: auditd: kmsg priority
Change-Id: I2016fe140e2daf6c69efbd10aef205fffb931aa1
2014-09-19 11:59:42 -07:00
Mark Salyzyn e4369d68a2 logd: logcat: debuggerd: audit logs to events and main
- auditd spawn log copy to events and main
- logcat delete events as one of the default logs
- debuggerd do not collect events.
- squish multiple spaces
- switch from strcpy to memmove for overlapping buffers

BUG: 14626551
Change-Id: I89b30273ce931ed2b25a53ea9be48e77f4c1bbf4
2014-05-27 14:29:56 -07:00
Mark Salyzyn 989980c55d logd: logcat: debuggerd: auditd logs to events
- auditd switch to recording logs to events log id
- logcat add events as one of the default logs
- debuggerd collect events log as well.

ToDo: debuggerd & bugreport collect intermixed logs.

BUG: 14626551
Change-Id: I958f0e729b7596748be57488a38824db5645be7b
2014-05-15 08:50:50 -07:00
Mark Salyzyn e0fa291e89 logd: add logd.auditd property
- permit us a mechanism to disable auditd
- standardize property boolean

Bug: 14275676
Change-Id: I76f245c6aee511ed44274159e0ea55915b484dda
2014-04-29 07:25:27 -07:00
Mark Salyzyn 8daa9af02d logd: add thread setname
- permits easier determination of logd thread at
  fault in a stack trace from debuggerd.

Bug: 14275676
Change-Id: Iac2c523147e2bcce34ab7ddcecd02582c5fa7cc0
2014-04-29 00:37:37 +00:00
Mark Salyzyn e9bebd0eb1 logd: auditd: add logd.auditd.dmesg property
Change-Id: If4a579c2221eec99cf3f6acf59ead8c2d5230517
2014-04-07 10:51:00 -07:00
William Roberts 29d238d2a8 logd: selinux auditd initial commit
Initial commit for an audit daemon that writes kernel audit
messages to the Android logger. The daemon searches dmesg
for all lines that contain "audit" and writes them. Then
receiving the messages from the netlink socket.

It also formats the messages so they are compatable with
ausearch (type=<t> <m> format)

Modified: Mark Salyzyn <salyzyn@google.com>

- do not start auditd
- merge into logd, stripping unnecessary file logging.
- Convert headers and code to support C++
- Fix bugs in libaudit
- squash timestamp (replace with 0.0) due to duplication
- squash pid due to duplication
- squash comm due to duplication

Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe
2014-04-07 10:51:00 -07:00