
Commit ce80da30 authored by Mark Salyzyn's avatar Mark Salyzyn

logd: Add support for ro.logd.auditd.[main|events]

Boolean properties (true or false, default true) select the destinations
for logging selinux audit messages:

ro.logd.auditd - turn on logd.auditd to pick up violations.
ro.logd.auditd.dmesg - to the kernel log.
ro.logd.auditd.main - to the "main" log buffer.
ro.logd.auditd.events - to the "events" log buffer.

We used to also read logd.auditd.dmesg and persist.logd.auditd.dmesg
which do not get refreshed when /data mounts internally.  This is a
confusing state as these properties will be read after a logd crash
and restart, adjusting the behavior of the logger.  Same can be said
for logd.auditd as well.  Drop reading these other parameters.

Test: manual set r/o parameters, stop/start logd to confirm behavior
Bug: 33969000
Bug: 27878170
Change-Id: I1a6bb4a903074c9aa7b227cf583a0094d49cbefd
parent 10a7b9bb
+11 −2
@@ -47,6 +47,10 @@ LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmesg) :
        logbuf(buf),
        logbuf(buf),
        reader(reader),
        reader(reader),
        fdDmesg(fdDmesg),
        fdDmesg(fdDmesg),
        main(__android_logger_property_get_bool("ro.logd.auditd.main",
                                                BOOL_DEFAULT_TRUE)),
        events(__android_logger_property_get_bool("ro.logd.auditd.events",
                                                  BOOL_DEFAULT_TRUE)),
        initialized(false) {
        initialized(false) {
    static const char auditd_message[] = { KMSG_PRIORITY(LOG_INFO),
    static const char auditd_message[] = { KMSG_PRIORITY(LOG_INFO),
        'l', 'o', 'g', 'd', '.', 'a', 'u', 'd', 'i', 't', 'd', ':',
        'l', 'o', 'g', 'd', '.', 'a', 'u', 'd', 'i', 't', 'd', ':',
@@ -172,6 +176,11 @@ int LogAudit::logPrint(const char *fmt, ...) {
        }
        }
    }
    }


    if (!main && !events) {
        free(str);
        return 0;
    }

    pid_t pid = getpid();
    pid_t pid = getpid();
    pid_t tid = gettid();
    pid_t tid = gettid();
    uid_t uid = AID_LOGD;
    uid_t uid = AID_LOGD;
@@ -222,7 +231,7 @@ int LogAudit::logPrint(const char *fmt, ...) {


    bool notify = false;
    bool notify = false;


    {   // begin scope for event buffer
    if (events) {   // begin scope for event buffer
        uint32_t buffer[(n + sizeof(uint32_t) - 1) / sizeof(uint32_t)];
        uint32_t buffer[(n + sizeof(uint32_t) - 1) / sizeof(uint32_t)];


        android_log_event_string_t *event
        android_log_event_string_t *event
@@ -277,7 +286,7 @@ int LogAudit::logPrint(const char *fmt, ...) {
    size_t e = strnlen(ecomm, LOGGER_ENTRY_MAX_PAYLOAD - b);
    size_t e = strnlen(ecomm, LOGGER_ENTRY_MAX_PAYLOAD - b);
    n = b + e + l + 2;
    n = b + e + l + 2;


    {   // begin scope for main buffer
    if (main) {   // begin scope for main buffer
        char newstr[n];
        char newstr[n];


        *newstr = info ? ANDROID_LOG_INFO : ANDROID_LOG_WARN;
        *newstr = info ? ANDROID_LOG_INFO : ANDROID_LOG_WARN;
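Review bot: The early return added at the `if (!main && !events)` check drops the record silently once both ro.logd.auditd.main and ro.logd.auditd.events are false, and nothing in the hunks records that routing to the log buffers has been switched off, so a device configured this way keeps SELinux denials only in the kernel log (and only when fdDmesg >= 0), which is easy to mistake for a quiet system. The constructor hunk already builds `auditd_message` with a KMSG_PRIORITY prefix, which appears to be a start-up line for the kernel log; reporting the effective main/events selection there once would give operators a visible trace of the audit sink configuration. A comment on the new check, `// kernel-log copy (if any) was already written above; nothing left to route`, would make the ordering explicit — this assumes the fdDmesg write precedes the check, which is outside the hunk. logPrint's body starts and ends outside the hunks shown here.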
+3 −1
@@ -26,7 +26,9 @@ class LogReader;
class LogAudit : public SocketListener {
class LogAudit : public SocketListener {
    LogBuffer *logbuf;
    LogBuffer *logbuf;
    LogReader *reader;
    LogReader *reader;
    int fdDmesg;
    int fdDmesg; // fdDmesg >= 0 is functionally bool dmesg
    bool main;
    bool events;
    bool initialized;
    bool initialized;


public:
public:
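Review bot: The two new members `bool main;` and `bool events;` carry no comment, although the line directly above them explains fdDmesg; add `bool main;   // ro.logd.auditd.main: copy audit records to the "main" buffer` and `bool events; // ro.logd.auditd.events: copy audit records to the "events" buffer` so the property each flag mirrors is visible from the header. As a point of style, `main` is a legal member name but reads like the program entry point at every use in LogAudit.cpp; a name such as `mainBuffer` / `eventsBuffer` would be less ambiguous, though renaming would touch the .cpp hunks as well. The class body continues past the hunk.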
+3 −2
@@ -2,8 +2,9 @@ The properties that logd and friends react to are:


name                       type default  description
name                       type default  description
ro.logd.auditd             bool   true   Enable selinux audit daemon
ro.logd.auditd             bool   true   Enable selinux audit daemon
ro.logd.auditd.dmesg       bool   true   selinux audit messages duplicated and
ro.logd.auditd.dmesg       bool   true   selinux audit messages sent to dmesg.
                                         sent on to dmesg log
ro.logd.auditd.main        bool   true   selinux audit messages sent to main.
ro.logd.auditd.events      bool   true   selinux audit messages sent to events.
persist.logd.security      bool   false  Enable security buffer.
persist.logd.security      bool   false  Enable security buffer.
ro.device_owner            bool   false  Override persist.logd.security to false
ro.device_owner            bool   false  Override persist.logd.security to false
ro.logd.kernel             bool+ svelte+ Enable klogd daemon
ro.logd.kernel             bool+ svelte+ Enable klogd daemon
+4 −5
@@ -451,9 +451,8 @@ int main(int argc, char *argv[]) {
        pthread_attr_destroy(&attr);
        pthread_attr_destroy(&attr);
    }
    }


    bool auditd = __android_logger_property_get_bool("logd.auditd",
    bool auditd = __android_logger_property_get_bool("ro.logd.auditd",
                                                     BOOL_DEFAULT_TRUE |
                                                     BOOL_DEFAULT_TRUE);
                                                     BOOL_DEFAULT_FLAG_PERSIST);
    if (drop_privs(klogd, auditd) != 0) {
    if (drop_privs(klogd, auditd) != 0) {
        return -1;
        return -1;
    }
    }
@@ -513,8 +512,8 @@ int main(int argc, char *argv[]) {
    if (auditd) {
    if (auditd) {
        al = new LogAudit(logBuf, reader,
        al = new LogAudit(logBuf, reader,
                          __android_logger_property_get_bool(
                          __android_logger_property_get_bool(
                              "logd.auditd.dmesg",
                              "ro.logd.auditd.dmesg",
                              BOOL_DEFAULT_TRUE | BOOL_DEFAULT_FLAG_PERSIST)
                              BOOL_DEFAULT_TRUE)
                                  ? fdDmesg
                                  ? fdDmesg
                                  : -1);
                                  : -1);
    }
    }
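Review bot: The audit-routing properties are now read in two places — ro.logd.auditd and ro.logd.auditd.dmesg here in main(), ro.logd.auditd.main / .events inside the LogAudit constructor — so a reader of main.cpp sees only half of the switches that decide where a denial record ends up; consider reading the dmesg flag inside LogAudit next to main/events, or at least noting the split here with `// ro.logd.auditd.main/.events are read by LogAudit itself`. The dropped BOOL_DEFAULT_FLAG_PERSIST in the first hunk also deserves a why-comment, since only the commit message explains it: `// ro.* only: logd.*/persist.* variants are deliberately ignored so a logd restart after /data mounts cannot change audit routing`. Both hunks sit inside main(), whose body starts and ends outside the view.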