Refactor SelinuxAuditLogsCollector to avoid OOM
SelinuxAuditLogsCollector relies on EventLog.readEvents to access the log messages. This method expects a Collection<Event> to store the events read. Previously, this was stored in a temporary ArrayList and Queue. This led to OOM errors if the log contained a large amount of denials. Define a new nested class EventLogCollection which implements Collection<Event>. The event is processed when "added" to the collection (that is, it is forwarded to FrameworkStatsLog.write directly). A side effect of this design is that events are processed from the oldest to the newest (previously, it was the opposite). QuotaExceededException and InterruptedException are raised internally to signal to collect() the status of the processing. Bug: 379252691 Flag: EXEMPT bugfix Test: atest SelinuxFrameworksTests Change-Id: Ia3333c9b4e783f19fa266c4ecc9c01c63009569c
Loading
Please register or sign in to comment