pruneRows not necessarily ULONG_MAX when uid not system source,
allow for speed up for status response if pruneRows exhausted.
Change-Id: I38c76bb20215e3d96513a575e2e3bc85a5e5b41c
mLastWorstPidOfSystem is supposed to be indexed by element->getPid()
Bug: 31237377
Bug: 30797725
Bug: 30688716
Change-Id: I81a55e92f175ded1c571a0aa8836736d86b36b1d
- check hdr_size to make sure it is in the expected range
from sizeof entry_v1 to entry (entry_v4).
- alter msg() method to report NULL on invalid hdr_size
- alter all users of msg() method.
Bug: 30947841
Change-Id: I9bc1740d7aa9f37df5be966c18de1fb9de63d5dd
LogBuffer::pidToUid(pid_t pid) { return stats.pidToUid(pid); }
needs to have LogBuffer::lock()/unlock() to prevent unordered_map
data corruption. This can lead to multiple symptoms, crashes and
continuous spins on corrupted iterators.
Bug: 30688716
Bug: 30050636
Bug: 30614675
Bug: 25620123
Bug: 30792935
Change-Id: I1d8fec8e5fda98c6a08645e7456b081507696b3c
dmesg parser could wrap taglen limit resulting in out of bound
accesses. Can lead to crash or data corruption.
Fixed an issue with two-word tag parsing. Switched to case
insensitive tag content matching. Added a few extra limit
checks that could also wrap, simplified the parsing, then added
means to stop using hard coded constants.
Bug: 30688716
Bug: 30050636
Bug: 30614675
Bug: 25620123
Change-Id: Iae4f664f63ef7b842d82eaa1638b6d7a0d28fd18
Makes code smaller, removes duplication. Using Minijail also allows
adding further sandboxing down the road.
Bug: 30156807
Change-Id: I8fa242fba545049ee82f6655fe6ecc14c53fcab7
Sends first and last of a series of 3 or more identical avc:
messages to kmsg and adds 'duplicate messages suppressed'
for the last one in the set. eg:
[67.141658] type=1400 audit(1468852100.171:70): avc: ... tcontext=u:object_r:proc:s0 tclass=file
[67.141678] type=1400 audit(1468852107.494:71): avc: ... tcontext=u:object_r:cache_file:s0 tclass=dir
[67.535202] type=1400 audit(1468852107.498:74): avc: ... tcontext=u:object_r:cache_file:s0 tclass=dir duplicate messages suppressed
[67.535227] type=1400 audit(1468852107.888:75): avc: ... tcontext=u:object_r:proc_net:s0 tclass=file
One can look at the sequence numbers in the above example to see that
four identical messages were produced, two were dropped.
ToDo: Evaluate multiple streams of duplicate messages.
Bug: 30118730
Change-Id: I31dcda7c8c42edfc7a8f1bf4d9e46284c74b3d18
- Add drop logistics to TagTable
- replace uid references to a key reference since it
is an UID for most buffers, but a TAG for the
events and security buffer
- template the find worst entry mechanics into LogFindWorst class
Bug: 30118730
Change-Id: Ibea4be2c50d6ff4b39039e371365fed2453f17a2
Best practices so that device can set logd.logpersistd properties.
Values can be overridden with trampolines for persist.logd.logpersistd
values except as designed for empty content to keep out of the way.
This allows us to set logd.logpersistd* for a non-persistent collection
that does not survive a reboot, and to use persist.logd.logpersistd*
for persistent collection that does survive a reboot.
Added logd.logpersistd.enable to gate when logpersist service can be
run allowing the properties to be adjusted safely prior to this state
as is the case for device property.
NB: /init will complain when trying to trampoline an empty property,
this is acceptable for functionality, but may be considered
annoying from the logging perspective.
Bug: 28936216
Bug: 29831823
Change-Id: I97317e8eedfae4daa8e3ef39e64e7c5c23d8b573
(cherry pick from commit bf7d0b8875)
The setgid() and setuid() call failures in logd.daemon thread
do not block overall functionality, so clearly tell static
analyzer and developers that we do not care to check their
return values.
SideEffects: None
Bug: 27434072
Change-Id: I6fdc87e8311ebc0173716080bbd72c86b3f00f78
(cherry pick from commit 0ecdec7a09)
release_Locked() is called with a reference count and threadRunning,
the static analyzer can not tell this and estimates that a call to
delete this will occur. So let us invent a new call
release_nodelete_Locked() to ensure it is clear we will not be
arranging a delete this in the context of this code path. The
delete this will follow in the immediate codepath in this function
after threadRunning is cleared, and decRef_Locked() is called.
Change will also remove any developer FUD regarding release_Locked()
usage at this location.
SideEffects: None
Bug: 27434831
Change-Id: I91b060b2dadc72cc449fa381c934afb577bee037
The setgid() and setuid() call failures in logd.daemon thread
do not block overall functionality, so clearly tell static
analyzer and developers that we do not care to check their
return values.
SideEffects: None
Bug: 27434072
Change-Id: I6fdc87e8311ebc0173716080bbd72c86b3f00f78
release_Locked() is called with a reference count and threadRunning,
the static analyzer can not tell this and estimates that a call to
delete this will occur. So let us invent a new call
release_nodelete_Locked() to ensure it is clear we will not be
arranging a delete this in the context of this code path. The
delete this will follow in the immediate codepath in this function
after threadRunning is cleared, and decRef_Locked() is called.
Change will also remove any developer FUD regarding release_Locked()
usage at this location.
SideEffects: None
Bug: 27434831
Change-Id: I91b060b2dadc72cc449fa381c934afb577bee037
A single space character in search terms separates us from a denial of
service attack that forces the device into safe mode. This CL adds a
comment that hopefully stops the spaces from being accidentally deleted
in future.
Change-Id: I33b2632ef4211fa1688ac9c8f0cf7d0c667766c1
external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b
ensures that no permissive domains can be on user builds, and
external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f
re-enables enforcing mode on cameraserver.
The conditions which lead to the integrity failure detection
triggering can no longer occur. Revert the patch which relaxed
the detection.
This reverts commit 33ee84f871.
Bug: 27313768
Bug: 26902605
Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
Only trigger an integrity failure if a policy is reloaded or
SELinux is disabled. Don't trigger the integrity failure if
we see a permissive=1 denial, which could occur if an SELinux
domain is in permissive mode.
Bug: 27313768
Bug: 26902605
Change-Id: Ib85a2799eb6378ae8acdb965b1812d691183fdd3
(cherry pick from commit 5c77ad55d0)
Allow socket send syscall to terminate after 32 seconds if reader
stalled because of memory pressure allocating new network buffers
Add a gTest to catch regressions, add security buffer to log_dump
Bug: 27242723
Change-Id: Idaa6699d9d284e7f5f723ae0e76b3d6aa3371489
(cherry pick from commit 2ad0bd0a9b)
LogReader.h needs to be individually importable.
Fix a few others, drop includes of local includes, let them be
included in source instead and allow headers to be included
alphabetically. Was not a complete audit since goal was to
separate LogReader.h out from the pack.
Bug: 27242723
Change-Id: Ic7759ef90995e5bd285810706af33550c73cf5b5
Allow socket send syscall to terminate after 32 seconds if reader
stalled because of memory pressure allocating new network buffers
Add a gTest to catch regressions, add security buffer to log_dump
Bug: 27242723
Change-Id: Idaa6699d9d284e7f5f723ae0e76b3d6aa3371489
LogReader.h needs to be individually importable.
Fix a few others, drop includes of local includes, let them be
included in source instead and allow headers to be included
alphabetically. Was not a complete audit since goal was to
separate LogReader.h out from the pack.
Bug: 27242723
Change-Id: Ic7759ef90995e5bd285810706af33550c73cf5b5
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.
This change deprecates the ro.logd.auditd property.
Needs matching changes from
I781c3059ea8d4fb2f0c923e4488b1932d69678d3
Ica825cf2af74f5624cf4091544bd24bb5482dbe7
Id3ca7889ede30b54b7af73dd50653ca1a20d59aa
Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d
(cherry picked from commit d122ee65b6)
If a SELinux policy change or a switch to permissive mode is detected
on a user build, restart the device into safe mode, and keep it there
until an OTA is applied or user data is wiped.
This change deprecates the ro.logd.auditd property.
Needs matching changes from
I781c3059ea8d4fb2f0c923e4488b1932d69678d3
Ica825cf2af74f5624cf4091544bd24bb5482dbe7
Id3ca7889ede30b54b7af73dd50653ca1a20d59aa
Bug: 26902605
Change-Id: Idcdc5bff133f13c1267f0ec0a75cc8cf1ddbda0d