Loading logd/Android.bp +29 −33 Original line number Diff line number Diff line Loading @@ -28,46 +28,53 @@ event_flag = [ "-DLIBLOG_LOG_TAG=1006", ] cc_defaults { name: "logd_defaults", shared_libs: ["libbase"], cflags: [ "-Wextra", "-Wthread-safety", ] + event_flag, lto: { thin: true, }, } cc_library_static { name: "liblogd", defaults: ["logd_defaults"], srcs: [ "ChattyLogBuffer.cpp", "CommandListener.cpp", "LogListener.cpp", "LogPermissions.cpp", "LogReader.cpp", "LogReaderList.cpp", "LogReaderThread.cpp", "LogBufferElement.cpp", "LogStatistics.cpp", "LogWhiteBlackList.cpp", "libaudit.c", "LogAudit.cpp", "LogKlog.cpp", "LogTags.cpp", ], logtags: ["event.logtags"], shared_libs: ["libbase"], export_include_dirs: ["."], cflags: [ "-Wextra", "-Wthread-safety", ] + event_flag, lto: { thin: true } } cc_binary { name: "logd", defaults: ["logd_defaults"], init_rc: ["logd.rc"], srcs: ["main.cpp"], srcs: [ "main.cpp", "LogPermissions.cpp", "CommandListener.cpp", "LogListener.cpp", "LogReader.cpp", "LogAudit.cpp", "LogKlog.cpp", "libaudit.cpp", ], static_libs: [ "liblog", Loading @@ -77,34 +84,23 @@ cc_binary { shared_libs: [ "libsysutils", "libcutils", "libbase", "libpackagelistparser", "libprocessgroup", "libcap", ], cflags: [ "-Wextra", ], lto: { thin: true } } cc_binary { name: "auditctl", srcs: ["auditctl.cpp"], static_libs: [ "liblogd", srcs: [ "auditctl.cpp", "libaudit.cpp", ], shared_libs: ["libbase"], cflags: [ "-Wconversion", "-Wextra", ], } Loading logd/libaudit.c→logd/libaudit.cpp +38 −74 Original line number Diff line number Diff line Loading @@ -18,11 +18,13 @@ * */ #include "libaudit.h" #include <errno.h> #include <string.h> #include <unistd.h> #include "libaudit.h" #include <limits> /** * Waits for an ack from the kernel Loading @@ -32,22 +34,15 @@ * This function returns 0 on success, else -errno. */ static int get_ack(int fd) { int rc; struct audit_message rep; /* Sanity check, this is an internal interface this shouldn't happen */ if (fd < 0) { return -EINVAL; } rc = audit_get_reply(fd, &rep, GET_REPLY_BLOCKING, MSG_PEEK); struct audit_message rep = {}; int rc = audit_get_reply(fd, &rep, GET_REPLY_BLOCKING, MSG_PEEK); if (rc < 0) { return rc; } if (rep.nlh.nlmsg_type == NLMSG_ERROR) { audit_get_reply(fd, &rep, GET_REPLY_BLOCKING, 0); rc = ((struct nlmsgerr*)rep.data)->error; rc = reinterpret_cast<struct nlmsgerr*>(rep.data)->error; if (rc) { return -rc; } Loading @@ -70,19 +65,11 @@ static int get_ack(int fd) { * This function returns a positive sequence number on success, else -errno. */ static int audit_send(int fd, int type, const void* data, size_t size) { int rc; static int16_t sequence = 0; struct audit_message req; struct sockaddr_nl addr; memset(&req, 0, sizeof(req)); memset(&addr, 0, sizeof(addr)); /* We always send netlink messaged */ addr.nl_family = AF_NETLINK; struct sockaddr_nl addr = {.nl_family = AF_NETLINK}; /* Set up the netlink headers */ req.nlh.nlmsg_type = type; struct audit_message req = {}; req.nlh.nlmsg_type = static_cast<uint16_t>(type); req.nlh.nlmsg_len = NLMSG_SPACE(size); req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; Loading @@ -107,29 +94,23 @@ static int audit_send(int fd, int type, const void* data, size_t size) { /* * Only increment the sequence number on a guarantee * you will send it to the kernel. * * Also, the sequence is defined as a u32 in the kernel * struct. Using an int here might not work on 32/64 bit splits. A * signed 64 bit value can overflow a u32..but a u32 * might not fit in the response, so we need to use s32. * Which is still kind of hackish since int could be 16 bits * in size. The only safe type to use here is a signed 16 * bit value. */ req.nlh.nlmsg_seq = ++sequence; /* While failing and its due to interrupts */ static uint32_t sequence = 0; if (sequence == std::numeric_limits<uint32_t>::max()) { sequence = 1; } else { sequence++; } req.nlh.nlmsg_seq = sequence; rc = TEMP_FAILURE_RETRY(sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr))); ssize_t rc = TEMP_FAILURE_RETRY( sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr))); /* Not all the bytes were sent */ if (rc < 0) { rc = -errno; goto out; return -errno; } else if ((uint32_t)rc != req.nlh.nlmsg_len) { rc = -EPROTO; goto out; return -EPROTO; } /* We sent all the bytes, get the ack */ Loading @@ -138,32 +119,22 @@ static int audit_send(int fd, int type, const void* data, size_t size) { /* If the ack failed, return the error, else return the sequence number */ rc = (rc == 0) ? (int)sequence : rc; out: /* Don't let sequence roll to negative */ if (sequence < 0) { sequence = 0; } return rc; } int audit_setup(int fd, pid_t pid) { int rc; struct audit_message rep; struct audit_status status; memset(&status, 0, sizeof(status)); /* * In order to set the auditd PID we send an audit message over the netlink * socket with the pid field of the status struct set to our current pid, * and the the mask set to AUDIT_STATUS_PID */ status.pid = pid; status.mask = AUDIT_STATUS_PID; struct audit_status status = { .mask = AUDIT_STATUS_PID, .pid = static_cast<uint32_t>(pid), }; /* Let the kernel know this pid will be registering for audit events */ rc = audit_send(fd, AUDIT_SET, &status, sizeof(status)); int rc = audit_send(fd, AUDIT_SET, &status, sizeof(status)); if (rc < 0) { return rc; } Loading @@ -178,6 +149,7 @@ int audit_setup(int fd, pid_t pid) { * so I went to non-blocking and it seemed to fix the bug. * Need to investigate further. */ struct audit_message rep = {}; audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); return 0; Loading @@ -188,27 +160,18 @@ int audit_open() { } int audit_rate_limit(int fd, uint32_t limit) { struct audit_status status; memset(&status, 0, sizeof(status)); status.mask = AUDIT_STATUS_RATE_LIMIT; status.rate_limit = limit; /* audit entries per second */ struct audit_status status = { .mask = AUDIT_STATUS_RATE_LIMIT, .rate_limit = limit, /* audit entries per second */ }; return audit_send(fd, AUDIT_SET, &status, sizeof(status)); } int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) { ssize_t len; int flags; int rc = 0; struct sockaddr_nl nladdr; socklen_t nladdrlen = sizeof(nladdr); if (fd < 0) { return -EBADF; } /* Set up the flags for recv from */ flags = (block == GET_REPLY_NONBLOCKING) ? MSG_DONTWAIT : 0; int flags = (block == GET_REPLY_NONBLOCKING) ? MSG_DONTWAIT : 0; flags |= peek; /* Loading @@ -216,19 +179,20 @@ int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) * the interface shows that EINTR can never be returned, other errors, * however, can be returned. */ len = TEMP_FAILURE_RETRY(recvfrom(fd, rep, sizeof(*rep), flags, (struct sockaddr*)&nladdr, &nladdrlen)); struct sockaddr_nl nladdr; socklen_t nladdrlen = sizeof(nladdr); ssize_t len = TEMP_FAILURE_RETRY( recvfrom(fd, rep, sizeof(*rep), flags, (struct sockaddr*)&nladdr, &nladdrlen)); /* * EAGAIN should be re-tried until success or another error manifests. */ if (len < 0) { rc = -errno; if (block == GET_REPLY_NONBLOCKING && rc == -EAGAIN) { if (block == GET_REPLY_NONBLOCKING && errno == EAGAIN) { /* If request is non blocking and errno is EAGAIN, just return 0 */ return 0; } return rc; return -errno; } if (nladdrlen != sizeof(nladdr)) { Loading @@ -242,10 +206,10 @@ int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) /* Check if the reply from the kernel was ok */ if (!NLMSG_OK(&rep->nlh, (size_t)len)) { rc = (len == sizeof(*rep)) ? -EFBIG : -EBADE; return len == sizeof(*rep) ? -EFBIG : -EBADE; } return rc; return 0; } void audit_close(int fd) { Loading logd/libaudit.h +1 −4 Original line number Diff line number Diff line Loading @@ -17,8 +17,7 @@ * Written by William Roberts <w.roberts@sta.samsung.com> */ #ifndef _LIBAUDIT_H_ #define _LIBAUDIT_H_ #pragma once #include <stdint.h> #include <sys/cdefs.h> Loading Loading @@ -102,5 +101,3 @@ extern int audit_setup(int fd, pid_t pid); extern int audit_rate_limit(int fd, uint32_t limit); __END_DECLS #endif Loading
logd/Android.bp +29 −33 Original line number Diff line number Diff line Loading @@ -28,46 +28,53 @@ event_flag = [ "-DLIBLOG_LOG_TAG=1006", ] cc_defaults { name: "logd_defaults", shared_libs: ["libbase"], cflags: [ "-Wextra", "-Wthread-safety", ] + event_flag, lto: { thin: true, }, } cc_library_static { name: "liblogd", defaults: ["logd_defaults"], srcs: [ "ChattyLogBuffer.cpp", "CommandListener.cpp", "LogListener.cpp", "LogPermissions.cpp", "LogReader.cpp", "LogReaderList.cpp", "LogReaderThread.cpp", "LogBufferElement.cpp", "LogStatistics.cpp", "LogWhiteBlackList.cpp", "libaudit.c", "LogAudit.cpp", "LogKlog.cpp", "LogTags.cpp", ], logtags: ["event.logtags"], shared_libs: ["libbase"], export_include_dirs: ["."], cflags: [ "-Wextra", "-Wthread-safety", ] + event_flag, lto: { thin: true } } cc_binary { name: "logd", defaults: ["logd_defaults"], init_rc: ["logd.rc"], srcs: ["main.cpp"], srcs: [ "main.cpp", "LogPermissions.cpp", "CommandListener.cpp", "LogListener.cpp", "LogReader.cpp", "LogAudit.cpp", "LogKlog.cpp", "libaudit.cpp", ], static_libs: [ "liblog", Loading @@ -77,34 +84,23 @@ cc_binary { shared_libs: [ "libsysutils", "libcutils", "libbase", "libpackagelistparser", "libprocessgroup", "libcap", ], cflags: [ "-Wextra", ], lto: { thin: true } } cc_binary { name: "auditctl", srcs: ["auditctl.cpp"], static_libs: [ "liblogd", srcs: [ "auditctl.cpp", "libaudit.cpp", ], shared_libs: ["libbase"], cflags: [ "-Wconversion", "-Wextra", ], } Loading
logd/libaudit.c→logd/libaudit.cpp +38 −74 Original line number Diff line number Diff line Loading @@ -18,11 +18,13 @@ * */ #include "libaudit.h" #include <errno.h> #include <string.h> #include <unistd.h> #include "libaudit.h" #include <limits> /** * Waits for an ack from the kernel Loading @@ -32,22 +34,15 @@ * This function returns 0 on success, else -errno. */ static int get_ack(int fd) { int rc; struct audit_message rep; /* Sanity check, this is an internal interface this shouldn't happen */ if (fd < 0) { return -EINVAL; } rc = audit_get_reply(fd, &rep, GET_REPLY_BLOCKING, MSG_PEEK); struct audit_message rep = {}; int rc = audit_get_reply(fd, &rep, GET_REPLY_BLOCKING, MSG_PEEK); if (rc < 0) { return rc; } if (rep.nlh.nlmsg_type == NLMSG_ERROR) { audit_get_reply(fd, &rep, GET_REPLY_BLOCKING, 0); rc = ((struct nlmsgerr*)rep.data)->error; rc = reinterpret_cast<struct nlmsgerr*>(rep.data)->error; if (rc) { return -rc; } Loading @@ -70,19 +65,11 @@ static int get_ack(int fd) { * This function returns a positive sequence number on success, else -errno. */ static int audit_send(int fd, int type, const void* data, size_t size) { int rc; static int16_t sequence = 0; struct audit_message req; struct sockaddr_nl addr; memset(&req, 0, sizeof(req)); memset(&addr, 0, sizeof(addr)); /* We always send netlink messaged */ addr.nl_family = AF_NETLINK; struct sockaddr_nl addr = {.nl_family = AF_NETLINK}; /* Set up the netlink headers */ req.nlh.nlmsg_type = type; struct audit_message req = {}; req.nlh.nlmsg_type = static_cast<uint16_t>(type); req.nlh.nlmsg_len = NLMSG_SPACE(size); req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; Loading @@ -107,29 +94,23 @@ static int audit_send(int fd, int type, const void* data, size_t size) { /* * Only increment the sequence number on a guarantee * you will send it to the kernel. * * Also, the sequence is defined as a u32 in the kernel * struct. Using an int here might not work on 32/64 bit splits. A * signed 64 bit value can overflow a u32..but a u32 * might not fit in the response, so we need to use s32. * Which is still kind of hackish since int could be 16 bits * in size. The only safe type to use here is a signed 16 * bit value. */ req.nlh.nlmsg_seq = ++sequence; /* While failing and its due to interrupts */ static uint32_t sequence = 0; if (sequence == std::numeric_limits<uint32_t>::max()) { sequence = 1; } else { sequence++; } req.nlh.nlmsg_seq = sequence; rc = TEMP_FAILURE_RETRY(sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr))); ssize_t rc = TEMP_FAILURE_RETRY( sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr))); /* Not all the bytes were sent */ if (rc < 0) { rc = -errno; goto out; return -errno; } else if ((uint32_t)rc != req.nlh.nlmsg_len) { rc = -EPROTO; goto out; return -EPROTO; } /* We sent all the bytes, get the ack */ Loading @@ -138,32 +119,22 @@ static int audit_send(int fd, int type, const void* data, size_t size) { /* If the ack failed, return the error, else return the sequence number */ rc = (rc == 0) ? (int)sequence : rc; out: /* Don't let sequence roll to negative */ if (sequence < 0) { sequence = 0; } return rc; } int audit_setup(int fd, pid_t pid) { int rc; struct audit_message rep; struct audit_status status; memset(&status, 0, sizeof(status)); /* * In order to set the auditd PID we send an audit message over the netlink * socket with the pid field of the status struct set to our current pid, * and the the mask set to AUDIT_STATUS_PID */ status.pid = pid; status.mask = AUDIT_STATUS_PID; struct audit_status status = { .mask = AUDIT_STATUS_PID, .pid = static_cast<uint32_t>(pid), }; /* Let the kernel know this pid will be registering for audit events */ rc = audit_send(fd, AUDIT_SET, &status, sizeof(status)); int rc = audit_send(fd, AUDIT_SET, &status, sizeof(status)); if (rc < 0) { return rc; } Loading @@ -178,6 +149,7 @@ int audit_setup(int fd, pid_t pid) { * so I went to non-blocking and it seemed to fix the bug. * Need to investigate further. */ struct audit_message rep = {}; audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); return 0; Loading @@ -188,27 +160,18 @@ int audit_open() { } int audit_rate_limit(int fd, uint32_t limit) { struct audit_status status; memset(&status, 0, sizeof(status)); status.mask = AUDIT_STATUS_RATE_LIMIT; status.rate_limit = limit; /* audit entries per second */ struct audit_status status = { .mask = AUDIT_STATUS_RATE_LIMIT, .rate_limit = limit, /* audit entries per second */ }; return audit_send(fd, AUDIT_SET, &status, sizeof(status)); } int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) { ssize_t len; int flags; int rc = 0; struct sockaddr_nl nladdr; socklen_t nladdrlen = sizeof(nladdr); if (fd < 0) { return -EBADF; } /* Set up the flags for recv from */ flags = (block == GET_REPLY_NONBLOCKING) ? MSG_DONTWAIT : 0; int flags = (block == GET_REPLY_NONBLOCKING) ? MSG_DONTWAIT : 0; flags |= peek; /* Loading @@ -216,19 +179,20 @@ int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) * the interface shows that EINTR can never be returned, other errors, * however, can be returned. */ len = TEMP_FAILURE_RETRY(recvfrom(fd, rep, sizeof(*rep), flags, (struct sockaddr*)&nladdr, &nladdrlen)); struct sockaddr_nl nladdr; socklen_t nladdrlen = sizeof(nladdr); ssize_t len = TEMP_FAILURE_RETRY( recvfrom(fd, rep, sizeof(*rep), flags, (struct sockaddr*)&nladdr, &nladdrlen)); /* * EAGAIN should be re-tried until success or another error manifests. */ if (len < 0) { rc = -errno; if (block == GET_REPLY_NONBLOCKING && rc == -EAGAIN) { if (block == GET_REPLY_NONBLOCKING && errno == EAGAIN) { /* If request is non blocking and errno is EAGAIN, just return 0 */ return 0; } return rc; return -errno; } if (nladdrlen != sizeof(nladdr)) { Loading @@ -242,10 +206,10 @@ int audit_get_reply(int fd, struct audit_message* rep, reply_t block, int peek) /* Check if the reply from the kernel was ok */ if (!NLMSG_OK(&rep->nlh, (size_t)len)) { rc = (len == sizeof(*rep)) ? -EFBIG : -EBADE; return len == sizeof(*rep) ? -EFBIG : -EBADE; } return rc; return 0; } void audit_close(int fd) { Loading
logd/libaudit.h +1 −4 Original line number Diff line number Diff line Loading @@ -17,8 +17,7 @@ * Written by William Roberts <w.roberts@sta.samsung.com> */ #ifndef _LIBAUDIT_H_ #define _LIBAUDIT_H_ #pragma once #include <stdint.h> #include <sys/cdefs.h> Loading Loading @@ -102,5 +101,3 @@ extern int audit_setup(int fd, pid_t pid); extern int audit_rate_limit(int fd, uint32_t limit); __END_DECLS #endif
