logd/Android.bp +18 −0
@@ -80,6 +80,24 @@ cc_binary { cflags: ["-Werror"], } cc_binary { name: "auditctl", srcs: ["auditctl.cpp"], static_libs: [ "liblogd", ], shared_libs: ["libbase"], cflags: [ "-Wall", "-Wextra", "-Werror", "-Wconversion" ], } prebuilt_etc { name: "logtagd.rc", Loading logd/auditctl.cpp 0 → 100644 +74 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <android-base/parseint.h> #include <error.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include "libaudit.h" static void usage(const char* cmdline) { fprintf(stderr, "Usage: %s [-r rate]\n", cmdline); } static void do_update_rate(uint32_t rate) { int fd = audit_open(); if (fd == -1) { error(EXIT_FAILURE, errno, "Unable to open audit socket"); } int result = audit_rate_limit(fd, rate); close(fd); if (result < 0) { fprintf(stderr, "Can't update audit rate limit: %d\n", result); exit(EXIT_FAILURE); } } int main(int argc, char* argv[]) { uint32_t rate = 0; bool update_rate = false; int opt; while ((opt = getopt(argc, argv, "r:")) != -1) { switch (opt) { case 'r': if (!android::base::ParseUint<uint32_t>(optarg, &rate)) { error(EXIT_FAILURE, errno, "Invalid Rate"); } update_rate = true; break; default: /* '?' */ usage(argv[0]); exit(EXIT_FAILURE); } } // In the future, we may add other options to auditctl // so this if statement will expand. // if (!update_rate && !update_backlog && !update_whatever) ... 
if (!update_rate) { fprintf(stderr, "Nothing to do\n"); usage(argv[0]); exit(EXIT_FAILURE); } if (update_rate) { do_update_rate(rate); } return 0; } logd/libaudit.c +9 −2 Original line number Diff line number Diff line Loading @@ -160,8 +160,7 @@ int audit_setup(int fd, pid_t pid) { * and the the mask set to AUDIT_STATUS_PID */ status.pid = pid; status.mask = AUDIT_STATUS_PID | AUDIT_STATUS_RATE_LIMIT; status.rate_limit = AUDIT_RATE_LIMIT; /* audit entries per second */ status.mask = AUDIT_STATUS_PID; /* Let the kernel know this pid will be registering for audit events */ rc = audit_send(fd, AUDIT_SET, &status, sizeof(status)); Loading @@ -188,6 +187,14 @@ int audit_open() { return socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT); } int audit_rate_limit(int fd, uint32_t limit) { struct audit_status status; memset(&status, 0, sizeof(status)); status.mask = AUDIT_STATUS_RATE_LIMIT; status.rate_limit = limit; /* audit entries per second */ return audit_send(fd, AUDIT_SET, &status, sizeof(status)); } int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) { ssize_t len; int flags; Loading logd/libaudit.h +11 −2 Original line number Diff line number Diff line Loading @@ -89,8 +89,17 @@ extern int audit_get_reply(int fd, struct audit_message* rep, reply_t block, */ extern int audit_setup(int fd, pid_t pid); /* Max audit messages per second */ #define AUDIT_RATE_LIMIT 5 /** * Throttle kernel messages at the provided rate * @param fd * The fd returned by a call to audit_open() * @param rate * The rate, in messages per second, above which the kernel * should drop audit messages. * @return * This function returns 0 on success, -errno on error. */ extern int audit_rate_limit(int fd, uint32_t limit); __END_DECLS Loading logd/logd.rc +11 −0 Original line number Diff line number Diff line Loading 
@@ -16,8 +16,19 @@ service logd-reinit /system/bin/logd --reinit group logd writepid /dev/cpuset/system-background/tasks # Limit SELinux denial generation to 5/second service logd-auditctl /system/bin/auditctl -r 5 oneshot disabled user logd group logd capabilities AUDIT_CONTROL on fs write /dev/event-log-tags "# content owned by logd " chown logd logd /dev/event-log-tags chmod 0644 /dev/event-log-tags on property:sys.boot_completed=1 start logd-auditctl Loading
logd/Android.bp +18 −0 Original line number Diff line number Diff line Loading @@ -80,6 +80,24 @@ cc_binary { cflags: ["-Werror"], } cc_binary { name: "auditctl", srcs: ["auditctl.cpp"], static_libs: [ "liblogd", ], shared_libs: ["libbase"], cflags: [ "-Wall", "-Wextra", "-Werror", "-Wconversion" ], } prebuilt_etc { name: "logtagd.rc", Loading
logd/auditctl.cpp 0 → 100644 +74 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <android-base/parseint.h> #include <error.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include "libaudit.h" static void usage(const char* cmdline) { fprintf(stderr, "Usage: %s [-r rate]\n", cmdline); } static void do_update_rate(uint32_t rate) { int fd = audit_open(); if (fd == -1) { error(EXIT_FAILURE, errno, "Unable to open audit socket"); } int result = audit_rate_limit(fd, rate); close(fd); if (result < 0) { fprintf(stderr, "Can't update audit rate limit: %d\n", result); exit(EXIT_FAILURE); } } int main(int argc, char* argv[]) { uint32_t rate = 0; bool update_rate = false; int opt; while ((opt = getopt(argc, argv, "r:")) != -1) { switch (opt) { case 'r': if (!android::base::ParseUint<uint32_t>(optarg, &rate)) { error(EXIT_FAILURE, errno, "Invalid Rate"); } update_rate = true; break; default: /* '?' */ usage(argv[0]); exit(EXIT_FAILURE); } } // In the future, we may add other options to auditctl // so this if statement will expand. // if (!update_rate && !update_backlog && !update_whatever) ... if (!update_rate) { fprintf(stderr, "Nothing to do\n"); usage(argv[0]); exit(EXIT_FAILURE); } if (update_rate) { do_update_rate(rate); } return 0; }
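Review bot: The failure path in `do_update_rate` prints the raw negative return value (`"Can't update audit rate limit: %d\n"`), while the `audit_open` failure just above it goes through `error()` and gets a readable errno string. libaudit.h documents `audit_rate_limit` as returning -errno, so the two paths could match: `error(EXIT_FAILURE, -result, "Can't update audit rate limit");`. Separately, `main` never checks `optind` after the getopt loop, so trailing arguments are accepted silently; `if (optind != argc) { usage(argv[0]); exit(EXIT_FAILURE); }` would reject them. The file also uses `errno` and `uint32_t` without including `<errno.h>` or `<stdint.h>` directly, which presumably compiles only through transitive includes.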
logd/libaudit.c +9 −2 Original line number Diff line number Diff line Loading @@ -160,8 +160,7 @@ int audit_setup(int fd, pid_t pid) { * and the the mask set to AUDIT_STATUS_PID */ status.pid = pid; status.mask = AUDIT_STATUS_PID | AUDIT_STATUS_RATE_LIMIT; status.rate_limit = AUDIT_RATE_LIMIT; /* audit entries per second */ status.mask = AUDIT_STATUS_PID; /* Let the kernel know this pid will be registering for audit events */ rc = audit_send(fd, AUDIT_SET, &status, sizeof(status)); Loading @@ -188,6 +187,14 @@ int audit_open() { return socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT); } int audit_rate_limit(int fd, uint32_t limit) { struct audit_status status; memset(&status, 0, sizeof(status)); status.mask = AUDIT_STATUS_RATE_LIMIT; status.rate_limit = limit; /* audit entries per second */ return audit_send(fd, AUDIT_SET, &status, sizeof(status)); } int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) { ssize_t len; int flags; Loading
logd/libaudit.h +11 −2 Original line number Diff line number Diff line Loading @@ -89,8 +89,17 @@ extern int audit_get_reply(int fd, struct audit_message* rep, reply_t block, */ extern int audit_setup(int fd, pid_t pid); /* Max audit messages per second */ #define AUDIT_RATE_LIMIT 5 /** * Throttle kernel messages at the provided rate * @param fd * The fd returned by a call to audit_open() * @param rate * The rate, in messages per second, above which the kernel * should drop audit messages. * @return * This function returns 0 on success, -errno on error. */ extern int audit_rate_limit(int fd, uint32_t limit); __END_DECLS Loading
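Review bot: The new doc comment documents `@param rate`, but the declared parameter is `limit`, so the tag should read `@param limit`. The comment also does not say what a limit of 0 means. As far as I know the kernel treats an audit rate limit of 0 as "no limiting", and `auditctl -r` passes any uint32_t straight through, so one sentence such as `A limit of 0 disables rate limiting.` would help (to be confirmed against the kernel in use). The brief could also say "audit messages" rather than "kernel messages", since only the audit subsystem is throttled.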
logd/logd.rc +11 −0 Original line number Diff line number Diff line Loading @@ -16,8 +16,19 @@ service logd-reinit /system/bin/logd --reinit group logd writepid /dev/cpuset/system-background/tasks # Limit SELinux denial generation to 5/second service logd-auditctl /system/bin/auditctl -r 5 oneshot disabled user logd group logd capabilities AUDIT_CONTROL on fs write /dev/event-log-tags "# content owned by logd " chown logd logd /dev/event-log-tags chmod 0644 /dev/event-log-tags on property:sys.boot_completed=1 start logd-auditctl
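Review bot: With this change the 5/second limit is no longer applied when logd registers with the kernel; it is applied once, by the oneshot `logd-auditctl` service, and only after `sys.boot_completed=1`. If that property is never set, or `auditctl` fails (for example because the SELinux policy for the new binary is missing, which is not visible in this change), no limit is set from userspace and denial bursts reach logd unthrottled. Init normally points a service's stdout/stderr at /dev/null, so the tool's `fprintf(stderr, ...)` diagnostics would be lost; if this tree's init supports `stdio_to_kmsg`, adding it to the service would make a failure visible. The comment above the service could state the intent, e.g. `# Applied only after boot completes; until then no audit rate limit is set by userspace`.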