Commit Graph

228 Commits

Author SHA1 Message Date
Mark Salyzyn 2581a3e762 liblog: test: security buffer is allowed to be denied
am: 53263ff

* commit '53263ffa00b291de92dd4cb399b1cb5218d363f6':
  liblog: test: security buffer is allowed to be denied
2016-03-16 16:50:08 +00:00
Mark Salyzyn 04f5acd3a8 liblog: test: do not LOG in signal handler
am: a6f2f81

* commit 'a6f2f81d1ec81315f7b8395c17282b5f9d02bf0a':
  liblog: test: do not LOG in signal handler
2016-03-16 16:50:08 +00:00
Mark Salyzyn 53263ffa00 liblog: test: security buffer is allowed to be denied
(cherry pick from commit 29e70a98fe)

Bug: 27405083
Change-Id: I7cbc8fda326a2aea3bef5dabee9d3290cc818b24
2016-03-16 09:05:15 -07:00
Mark Salyzyn a6f2f81d1e liblog: test: do not LOG in signal handler
(cherry pick from commit 50af7f8b1d)

- We actually are logging in a signal handler, the title is bluster
  to remind developers. It is not a reliable path though as it can
  lock up. Our goal is to minimize the chances of a lockup regardless
  in the name of stability only. The test remains to catch regression
  in the name of code quality and reliability. Expected to be
  >99.999% reliable.
- Add a new _correct_ duplicate test that uses signal to release a
  semaphore to a thread that performs the task. This path is expected
  to be 100% reliable.

Bug: 27405083
Change-Id: Ibb7cf4b13e34ebfac2db2af8724b7db7a27f81a8
2016-03-16 09:04:30 -07:00
Mark Salyzyn 73207ce139 liblog: truncate logtags that overflow prefixBuf
(cherry pick from commit 2f83d679dd)

Bug: 27585978
Change-Id: If2f45e8787b05b46491a771702746cfc248b9ccd
2016-03-14 10:08:06 -07:00
Mark Salyzyn 2f83d679dd liblog: truncate logtags that overflow prefixBuf
Bug: 27585978
Change-Id: If2f45e8787b05b46491a771702746cfc248b9ccd
2016-03-14 09:12:24 -07:00
Mark Salyzyn 6d753faaf8 liblog: audit declare LIBLOG_ABI_PUBLIC
(cherry pick from commit be1d3c21b5)

- replace <sys/cdefs.h> with local "log_cdefs.h" which
  fortifies and expands definitions, adding LIBLOG_ABI_PUBLIC,
  LIBLOG_HIDDEN, LIBLOG_ABI_PRIVATE and LIBLOG_WEAK.
- clearly tag each interface as LIBLOG_ABI_PUBLIC, LIBLOG_HIDDEN,
  LIBLOG_ABI_PRIVATE, LIBLOG_WEAK or static depending on scope
- Add -fvisibility=hidden to ensure nothing else leaks
- some code standard adjustments

Bug: 27566046
Change-Id: Ic14033c4e6d833d973beb035ddc1c6134fb35a3f
2016-03-10 14:44:27 -08:00
Mark Salyzyn 029c737380 liblog: document fakeLogClose never to be called
(cherry pick from commit bc81b17e06)

Bug: 27107691
Change-Id: Ia699646ec2e83ca46f8b62b5d4f144e533b36074
2016-03-10 14:44:22 -08:00
Mark Salyzyn 8edbbe1dc1 fake_log_device: long lived allocations
(cherry pick from commit 0085a135b9)

Use static space for long lived allocations as they
will appear to act like a memory leak. Resort to a
larger on-stack iovec to reduce the chances of an
allocation. Fix bug in writer where not enough size
was available for "security" buffer name. Minor
transitions to more consistent coding style.

Bug: 27107691
Change-Id: I68c918e7b916b1ae3b04829d48b3eddaa0a7e739
2016-03-10 14:44:16 -08:00
Mark Salyzyn be1d3c21b5 liblog: audit declare LIBLOG_ABI_PUBLIC
- replace <sys/cdefs.h> with local "log_cdefs.h" which
  fortifies and expands definitions, adding LIBLOG_ABI_PUBLIC,
  LIBLOG_HIDDEN, LIBLOG_ABI_PRIVATE and LIBLOG_WEAK.
- clearly tag each interface as LIBLOG_ABI_PUBLIC, LIBLOG_HIDDEN,
  LIBLOG_ABI_PRIVATE, LIBLOG_WEAK or static depending on scope
- Add -fvisibility=hidden to ensure nothing else leaks
- some code standard adjustments

Bug: 27566046
Change-Id: Ic14033c4e6d833d973beb035ddc1c6134fb35a3f
2016-03-10 13:49:38 -08:00
Dan Willemsen 7d5457e150 liblog: Update Android.bp for Android.mk changes
Change-Id: I5062583a45efa2774f01339e7601767b817f54ee
2016-02-29 10:46:18 -08:00
Elliott Hughes 74c9052fe4 Remove another test for a private API I'm about to remove.
Change-Id: I541d1de549aa62d43867889f41bd0757ed414636
2016-02-26 22:04:26 -08:00
Elliott Hughes 0962ecd4e3 Merge "Remove a test for an API I'm removing." 2016-02-27 01:26:30 +00:00
Elliott Hughes 9ce327200c Remove a test for an API I'm removing.
Change-Id: I44ee84b92fdbf561551e5cf90e0c44df535de83f
2016-02-26 16:57:54 -08:00
Dan Willemsen 9dddd137c7 Fix windows 64-bit builds
pid_t is 64-bit in 64-bit mingw, but the windows process/thread
functions return a DWORD(uint32_t). Instead of promoting to a pid_t and
fixing the format strings, just use a uint32_t to store the values.

android_thread_id also cannot be a 64-bit pointer, so for windows just
force it to be a uint32_t.

libutils/ProcessCallStack only works under Linux, since it makes heavy
use of /proc. Don't compile it under Windows or Darwin.

Bug: 26957718

(cherry picked from commit 86cf941c48)

Change-Id: I8d39d1951fea1b3011caf585c983e1da7959f7c0
2016-02-25 18:43:55 -08:00
Mark Salyzyn a4f2ef1b05 liblog: __android_log_error_write use event list library
(cherry pick from commit 81f407be36)

Switch to the event list library to compose the associated event.

SideEffects: Instead of composing event on a stack buffer of 512
             bytes in size, a PAGE is allocated temporarily.

Bug: 27356456
Change-Id: Ic15a87f49385834c2287ed82c26439b2c5eb4f77
2016-02-25 15:54:28 -08:00
Mark Salyzyn d9aee653d1 liblog: test: __android_log_error_write accuracy
(cherry pick from commit 5cecedc6e8)

Add a test to confirm exact expected content using the testframe
setup for the events log handler. Remove dependency on 512 truncation
in liblog->
android_errorWriteWithInfoLog__android_logger_list_read__data_too_large
to something more liberal.

Bug: 27356456
Change-Id: I8a53ad3a16cf16b14856efe5b95417e857c7e09b
2016-02-25 15:53:44 -08:00
Mark Salyzyn 1d5afc9e08 liblog: add android_log_write_string8_len
(cherry pick from commit 67d7eafd56)

android_log_write_string8_len(android_log_context ctx,
                              const char *value, size_t maxlen)

Caps the supplied string to a maxlen length. Alter API to handle
a NULL pointer for the value string for this and
android_log_write_string8() and instead of returning -EINVAL,
act like a null string "" was supplied to preserve the list
location. API is also changed to report the number of characters
actually placed into the android_log_context.

Bug: 27356456
Bug: 19235719
Change-Id: I6a03d405eac1d741555dd05555513ec691e7a46e
2016-02-25 15:53:00 -08:00
Mark Salyzyn 81f407be36 liblog: __android_log_error_write use event list library
Switch to the event list library to compose the associated event.

SideEffects: Instead of composing event on a stack buffer of 512
             bytes in size, a PAGE is allocated temporarily.

Bug: 27356456
Change-Id: Ic15a87f49385834c2287ed82c26439b2c5eb4f77
2016-02-25 12:29:32 -08:00
Mark Salyzyn 5cecedc6e8 liblog: test: __android_log_error_write accuracy
Add a test to confirm exact expected content using the testframe
setup for the events log handler. Remove dependency on 512 truncation
in liblog->
android_errorWriteWithInfoLog__android_logger_list_read__data_too_large
to something more liberal.

Bug: 27356456
Change-Id: I8a53ad3a16cf16b14856efe5b95417e857c7e09b
2016-02-25 12:29:32 -08:00
Mark Salyzyn 67d7eafd56 liblog: add android_log_write_string8_len
android_log_write_string8_len(android_log_context ctx,
                              const char *value, size_t maxlen)

Caps the supplied string to a maxlen length. Alter API to handle
a NULL pointer for the value string for this and
android_log_write_string8() and instead of returning -EINVAL,
act like a null string "" was supplied to preserve the list
location. API is also changed to report the number of characters
actually placed into the android_log_context.

Bug: 27356456
Bug: 19235719
Change-Id: I6a03d405eac1d741555dd05555513ec691e7a46e
2016-02-25 12:29:32 -08:00
Mark Salyzyn 9dd6510dd0 liblog: event log list logging handler
(cherry pick from commit bd1ad049b2)

Based off an initial request and effort by williamluh@google.com

- Added the following functions:

* Composing and Writing:

android_log_context create_android_logger(uint32_t tag)

int android_log_write_list_begin(android_log_context ctx)
int android_log_write_list_end(android_log_context ctx)

int android_log_write_int32(android_log_context ctx, int32_t value)
int android_log_write_int64(android_log_context ctx, int64_t value)
int android_log_write_string8(android_log_context ctx, const char *value)
int android_log_write_float32(android_log_context ctx, float value)

int android_log_write_list(android_log_context ctx, log_id_t id)

* Reading and Interpreting:

android_log_context create_android_log_parser(const char *msg, size_t len)

android_log_list_element android_log_read_next(android_log_context ctx)
android_log_list_element android_log_peek_next(android_log_context ctx)

* Destroy context used above:

int android_log_destroy(android_log_context *ctx);

- Added unit gTests

We moved implemented android_log_buffer_to_string() to the test since
it is an alternate for already existing logprint functionality.
Please move into liblog should it be of some common use, otherwise
as is it is a good means of stessing the reading and interpreting
handlers.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 19235719
Change-Id: I4aa1927e8e6a75f0a129d15a27c891cf1ccd4f5c
2016-02-23 07:45:49 -08:00
Mark Salyzyn bd1ad049b2 liblog: event log list logging handler
Based off an initial request and effort by williamluh@google.com

- Added the following functions:

* Composing and Writing:

android_log_context create_android_logger(uint32_t tag)

int android_log_write_list_begin(android_log_context ctx)
int android_log_write_list_end(android_log_context ctx)

int android_log_write_int32(android_log_context ctx, int32_t value)
int android_log_write_int64(android_log_context ctx, int64_t value)
int android_log_write_string8(android_log_context ctx, const char *value)
int android_log_write_float32(android_log_context ctx, float value)

int android_log_write_list(android_log_context ctx, log_id_t id)

* Reading and Interpreting:

android_log_context create_android_log_parser(const char *msg, size_t len)

android_log_list_element android_log_read_next(android_log_context ctx)
android_log_list_element android_log_peek_next(android_log_context ctx)

* Destroy context used above:

int android_log_destroy(android_log_context *ctx);

- Added unit gTests

We moved implemented android_log_buffer_to_string() to the test since
it is an alternate for already existing logprint functionality.
Please move into liblog should it be of some common use, otherwise
as is it is a good means of stessing the reading and interpreting
handlers.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 19235719
Change-Id: I4aa1927e8e6a75f0a129d15a27c891cf1ccd4f5c
2016-02-22 16:04:41 -08:00
Mark Salyzyn b7a0166b00 liblog: deal with warning messages
(cherry pick from commit b525884edb)

- Fix bug in fake_log_devices when it can not allocate memory
  failing to use the full on-stack buffer as backup.
- remove superfluous code.

Bug: 27265662
Change-Id: I97b6cca5f4ce8ecad9beb3a08353de596d6a4ad1
2016-02-22 15:46:22 -08:00
Mark Salyzyn b525884edb liblog: deal with warning messages
- Fix bug in fake_log_devices when it can not allocate memory
  failing to use the full on-stack buffer as backup.
- remove superfluous code.

Bug: 27265662
Change-Id: I97b6cca5f4ce8ecad9beb3a08353de596d6a4ad1
2016-02-19 14:40:16 -08:00
Mark Salyzyn 0085a135b9 fake_log_device: long lived allocations
Use static space for long lived allocations as they
will appear to act like a memory leak. Resort to a
larger on-stack iovec to reduce the chances of an
allocation. Fix bug in writer where not enough size
was available for "security" buffer name. Minor
transitions to more consistent coding style.

Bug: 27107691
Change-Id: I68c918e7b916b1ae3b04829d48b3eddaa0a7e739
2016-02-17 12:22:18 -08:00
Mark Salyzyn bc81b17e06 liblog: document fakeLogClose never to be called
Bug: 27107691
Change-Id: Ia699646ec2e83ca46f8b62b5d4f144e533b36074
2016-02-16 10:35:06 -08:00
Mark Salyzyn 663687270c liblog: test: newline space prefix and max length print tests
Add some more tests for logprint library

Bug: 27091726
Change-Id: I264c0607967e0121fefb1b8698f9b02b1463c662
2016-02-11 10:43:14 -08:00
Mark Salyzyn 3f94122ced liblog: add gTests for logging with leading newline
Bug: 27091726
Change-Id: Idff0e4e7c025426002c6381c3afb00e12d9fc1b5
2016-02-10 09:52:13 -08:00
Dan Willemsen 86cf941c48 Fix windows 64-bit builds
pid_t is 64-bit in 64-bit mingw, but the windows process/thread
functions return a DWORD(uint32_t). Instead of promoting to a pid_t and
fixing the format strings, just use a uint32_t to store the values.

android_thread_id also cannot be a 64-bit pointer, so for windows just
force it to be a uint32_t.

libutils/ProcessCallStack only works under Linux, since it makes heavy
use of /proc. Don't compile it under Windows or Darwin.

Bug: 26957718
Change-Id: I4e43e7cf18a96f22b3a9a08dbab8c3e960c12930
2016-02-05 16:10:10 -08:00
Colin Cross a2dd73424f Merge "liblog: remove strdup from logging calls" 2016-02-03 21:48:37 +00:00
Colin Cross 7a106f7c12 liblog: remove strdup from logging calls
strdup to a static pointer is unnecessary, strlcpy into a static buffer
instead.  Avoids allocations in the ALOG* path, allowing liblog to be
used by libmemleak.

Change-Id: Ie0986da27c1fc5eb8ce4ebb076b513be8e1ee676
2016-02-02 13:55:42 -08:00
Mark Salyzyn 8fa8896d2e logd: security buffer only AID_SYSTEM reader
- limit AID_SYSTEM uid or gid to read security buffer messages
- adjust liblog tests to reflect the reality of this adjustment

To fully test all security buffer paths and modes

$ su 0,0,0 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 1000,1000,1000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 2000,2000,2000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*

ToDo: Integrate the above individually into the gTest Q/A testing

Bug: 26029733
Change-Id: Idcf5492db78fa6934ef6fb43f3ef861052675651
2016-02-01 13:29:06 -08:00
Mark Salyzyn 9107c462ce liblog: check getgroups for AID_LOG for AID_LOG_SECURITY
Bug: 26792035
Change-Id: I634d3c8f9f3175956bd70e80daa479af40180f90
2016-01-26 13:32:02 -08:00
Mark Salyzyn 7cc8013e37 liblog: fix android_log_printLogLine empty event string
Allow _one_ empty line to get through before evaluating
further. Add __android_log_bswrite testing for content
and contentless cases; checking for propagation and for
expected printing. As for printing which is fixed here,
security variants cover the same code paths as the events.

Bug: 26646213
Change-Id: I484718aa604e0a00afde4c34a00e87468ea93aa5
2016-01-20 14:15:19 -08:00
Rubin Xu d545d2930e Add logd security buffer tag types and string write API.
Bug: 22860162
Change-Id: I1cceed3462eaebdd8208abf101b127f27f0023a7
2016-01-19 17:13:28 +00:00
Mark Salyzyn 1a5bac2069 Merge "Revert "logd: liblog: whitelist "snet_event_log""" 2016-01-06 21:22:04 +00:00
Mark Salyzyn 0ee8de3c2d Revert "logd: liblog: whitelist "snet_event_log""
Callers will not guarantee that they can or will ratelimit, we need to
retain the ability to blacklist snet_event_log as a result.

This reverts commit 6aa21b225d.

Bug: 26178938
Change-Id: Ibf47d2e23a84c56f5f72d02312c698df7ff2b601
2016-01-06 21:19:23 +00:00
Dan Willemsen d68c35a9ce liblog: Update Android.bp to match Android.mk
Change-Id: Ic887493c03d133a566a96c1c5b65dcd67e5d7131
2016-01-05 13:09:35 -08:00
Mark Salyzyn 6aa21b225d logd: liblog: whitelist "snet_event_log"
Dangerous bridge to cross to whitelist, who is special, who is not?
Rationalized as these events are used to catch exploits on platform.
As it stands no one should be allowed to block any messages in the
security context, not even for development purposes.

Bug: 26178938
Change-Id: Ibdc76bc0fe29ba05be168b623af1c9f41d7edbd2
2015-12-30 10:07:19 -08:00
Mark Salyzyn a014004752 liblog: add __android_log_is_loggable checking to writer
Add __android_log_is_loggable() checking for all buffers except
LOG_ID_SECURITY. Return -EPERM if blocked. Since we are sniffing
the log tag, check validity and return -EINVAL.

NB: Try not to call __android_log_is_loggable() in native code within
a signal handler. Both here, and in the system properties, there
are locking paths that are not guaranteed to play well in that
environment. This has also been the case for the log writer path
even before this change. All attempts have been made to use trylock,
and to use a more expensive code path when contention occurs rather
than lead to deadlock.

Bug: 19544788
Bug: 26178938
Change-Id: I98738c662f6328189a6703251eb8721a05e956f9
2015-12-30 10:03:37 -08:00
Mark Salyzyn 31ca3c3770 liblog: build break
Some compilers erroneously see uninitialized use, even despite all
accesses being behind !not_locked. Confirmed initialization does not
affect expected performance.

Bug: 26178938
Bug: 26029733
Bug: 17760225
Change-Id: Ib36ed8dd2c4b196ca84ef79a9531625dcee77e15
2015-12-22 10:49:35 -08:00
Mark Salyzyn a67d8a53c7 liblog: is loggable is flaky
- Deal with __android_log_is_loggable inside signal handler by
  treating a lock contention system call as more costly than reading
  the associated property directly. Rather waiting around in a
  contended stat to hit cache.
- Check both the individual known __system_property_serial() and
  global __system_property_area_serial() to detect updates or
  additions to the properties to respond in the most aggressive and
  timely manner. __android_log_is_loggable() return at max CPU
  clockrate on a N9 in 61ns.
- Craft a common do_cache2 inline that adds the above to the other
  functions that utilize cache handling and preserves (within 3ns)
  performance in android_log_clockid() and __android_log_security().
  These functions return at max CPU clockrate on a N9 in 23ns.

Bug: 19544788
Bug: 25693940
Bug: 25792367
Bug: 26178938
Change-Id: I9cd94598f5c558e946b93977ad3714a4b03d0422
2015-12-22 10:06:22 -08:00
Mark Salyzyn 77c166b5dd liblog: test: instrument is_loggable failures
Bug: 25792367
Change-Id: Ia34f8e7ea0bd7f15bf705afd3a1c631a56d1c479
2015-12-18 15:17:51 -08:00
Mark Salyzyn ee3b838e13 logd: statistics per-pid filter
Primarily gives access to the Chattiest TIDs and TAGs
associated with a pid.

Has a secondary effect of allowing us to pull out the
command line, comm and in some cases the associated
PACKAGE for a specific pid while the logs are still
present even if the executable is gone.

Bug: 26029733
Bug: 21615139
Change-Id: I1ea63165a680a9318360579b70b1512078ed5682
2015-12-18 13:17:37 -08:00
Mark Salyzyn 5d8742feb6 Merge "liblog: test: pmsg overhead measurement" 2015-12-18 20:34:55 +00:00
Mark Salyzyn 1d51753461 Merge "liblog: Remove paranoia regarding logd" 2015-12-18 18:51:24 +00:00
Mark Salyzyn 163ebdc7cd liblog: test: pmsg overhead measurement
This test tells us that scatter-gather (writev instead of write)
carries a small ~2% penalty. Unaligned buffer carry a similar
additional penalty. On N9 it takes 3us to 22us _just_ to write
the pmsg logs, depending on size. Some assumptions about the
socket read and write performance for the main logging can be made
from tracking these results and should improve design decisions.

Bug: 18771697
Bug: 23685592
Change-Id: Id4d64c449140e4f39078c62b0097e403df91fe0c
2015-12-16 13:12:56 -08:00
Mark Salyzyn 7bc8023857 liblog: logprint security ANDROID_LOG_WARN
Bug: 26029733
Change-Id: I4f0cffc0a45819fb48807bf06ce336316276369d
2015-12-11 12:37:22 -08:00
Mark Salyzyn 86052a5d4f Merge "logd: liblog: logcat: Add LOG_ID_SECURITY" 2015-12-11 17:33:33 +00:00