
Commit 6aa21b22 authored by Mark Salyzyn's avatar Mark Salyzyn

logd: liblog: whitelist "snet_event_log"

Dangerous bridge to cross to whitelist, who is special, who is not?
Rationalized as these events are used to catch exploits on platform.
As it stands no one should be allowed to block any messages in the
security context, not even for development purposes.

Bug: 26178938
Change-Id: Ibdc76bc0fe29ba05be168b623af1c9f41d7edbd2
parent a0140047
+1 −1
@@ -22,7 +22,7 @@ include $(CLEAR_VARS)
#       's/^\([0-9]*\)[ \t]*liblog[ \t].*/-DLIBLOG_LOG_TAG=\1/p' \
#       $(LOCAL_PATH)/event.logtags)
# so make sure we do not regret hard-coding it as follows:
liblog_cflags := -DLIBLOG_LOG_TAG=1005
liblog_cflags := -DLIBLOG_LOG_TAG=1005 -DSNET_EVENT_LOG_TAG=1397638484

liblog_host_sources := logd_write.c log_event_write.c fake_log_device.c event.logtags
liblog_target_sources := logd_write.c log_event_write.c event_tag_map.c log_time.cpp log_is_loggable.c
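Review bot: The literal in `-DSNET_EVENT_LOG_TAG=1397638484` is hard-coded here and again in the logd `event_flag` definition later in this commit, and nothing on either line ties it to wherever the tag is registered. If the two copies ever disagree, the exemption would apply on one side of the log socket and not the other, with no build error to flag it. A comment above the define would help, for example `# snet_event_log tag, 0x534E4554 (ASCII "SNET"); keep in sync with the logd copy and the logtags entry`.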
+32 −34
@@ -221,25 +221,22 @@ static int __write_to_log_daemon(log_id_t log_id, struct iovec *vec, size_t nr)
            return -EPERM;
        }
    } else if (log_id == LOG_ID_EVENTS) {
        static atomic_uintptr_t map;
        int ret;
        const char *tag;
        EventTagMap *m, *f;

        if (vec[0].iov_len < 4) {
            return -EINVAL;
        }
        if (((uint32_t *)vec[0].iov_base)[0] != htole32(SNET_EVENT_LOG_TAG)) {
            static atomic_uintptr_t map;
            int ret;
            const char *tag = NULL;
            EventTagMap *m, *f = NULL;

        tag = NULL;
        f = NULL;
            m = (EventTagMap *)atomic_load(&map);

            if (!m) {
                ret = trylock();
                m = (EventTagMap *)atomic_load(&map); /* trylock flush cache */
                if (!m) {
                    m = android_openEventTagMap(EVENT_TAG_MAP_FILE);
                if (ret) { /* trylock failed, use local copy, mark for close */
                    if (ret) { /* trylock failed, local copy, mark for close */
                        f = m;
                    } else {
                        if (!m) { /* One chance to open map file */
@@ -266,6 +263,7 @@ static int __write_to_log_daemon(log_id_t log_id, struct iovec *vec, size_t nr)
            if (!ret) {
                return -EPERM;
            }
        }
    } else {
        /* Validate the incoming tag, tag content can not split across iovec */
        char prio = ANDROID_LOG_VERBOSE;
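Review bot: The new tag comparison reads the first four bytes through `(uint32_t *)vec[0].iov_base`, but `iov_base` is a caller-supplied buffer with no alignment guarantee visible in this hunk, so the load can be misaligned and it type-puns whatever object the caller passed. Copying the bytes out first avoids both: `uint32_t t; memcpy(&t, vec[0].iov_base, sizeof(t));` followed by `if (t != htole32(SNET_EVENT_LOG_TAG)) {`. The `vec[0].iov_len < 4` check just above already makes the four-byte copy safe. A comment at the comparison saying that this tag deliberately skips the event-tag-map lookup and its `-EPERM` return would also help, since the exemption is otherwise invisible to a reader of `__write_to_log_daemon`, whose body extends beyond the visible hunks.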
+3 −1
@@ -38,7 +38,9 @@ LOCAL_SHARED_LIBRARIES := \
#  event_flag := $(call event_logtags,auditd)
#  event_flag += $(call event_logtags,logd)
# so make sure we do not regret hard-coding it as follows:
event_flag := -DAUDITD_LOG_TAG=1003 -DLOGD_LOG_TAG=1004
event_flag := -DAUDITD_LOG_TAG=1003 \
              -DLOGD_LOG_TAG=1004 \
              -DSNET_EVENT_LOG_TAG=1397638484

LOCAL_CFLAGS := -Werror $(event_flag)

+8 −4
@@ -205,16 +205,20 @@ int LogBuffer::log(log_id_t log_id, log_time realtime,

    LogBufferElement *elem = new LogBufferElement(log_id, realtime,
                                                  uid, pid, tid, msg, len);
    if (log_id != LOG_ID_SECURITY) {
    if (log_id != LOG_ID_SECURITY) { // whitelist LOG_ID_SECURITY
        int prio = ANDROID_LOG_INFO;
        const char *tag = NULL;
        const char *tag = (const char *)-1;
        if (log_id == LOG_ID_EVENTS) {
            // whitelist "snet_event_log"
            if (elem->getTag() != SNET_EVENT_LOG_TAG) {
                tag = android::tagToName(elem->getTag());
            }
        } else {
            prio = *msg;
            tag = msg + 1;
        }
        if (!__android_log_is_loggable(prio, tag, ANDROID_LOG_VERBOSE)) {
        if ((tag != (const char *)-1) &&
                !__android_log_is_loggable(prio, tag, ANDROID_LOG_VERBOSE)) {
            // Log traffic received to total
            pthread_mutex_lock(&mLogElementsLock);
            stats.add(elem);
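Review bot: `(const char *)-1` is used as an in-band "skip the filter" marker for `tag`, and its meaning can only be recovered by reading both the initialiser and the later `tag != (const char *)-1` test. A local flag states the intent directly and keeps `tag` either a real pointer or NULL: `bool filter = (log_id != LOG_ID_EVENTS) || (elem->getTag() != SNET_EVENT_LOG_TAG);` with the check written as `if (filter && !__android_log_is_loggable(prio, tag, ANDROID_LOG_VERBOSE)) {`. Separately, the value compared here comes from `elem->getTag()`, which appears to be read from the client-supplied message, so the exemption covers any writer that uses this tag value. A comment saying that consumers should attribute these events by the `uid`/`pid` stored in the element rather than by the tag alone would document that assumption. `LogBuffer::log` begins and continues outside this hunk.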