diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp index c7d75015..61423238 100644 --- a/logd/LogAudit.cpp +++ b/logd/LogAudit.cpp @@ -38,6 +38,7 @@ #include #include "LogKlog.h" +#include "LogListener.h" #include "LogUtils.h" #include "libaudit.h" @@ -105,6 +106,12 @@ bool LogAudit::onDataAvailable(SocketClient* cli) { logDecodedPath(rep.data); } + if (rep.nlh.nlmsg_type == 1499) { // defined in kernel, in include/uapi/linux/audit.h + OnNotableMessage(NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL, 0, 0, rep.data, rep.nlh.nlmsg_len); + } + + logPrint("type=%d %.*s", rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data); + return true; } diff --git a/logd/LogListener.cpp b/logd/LogListener.cpp index 5b67e83a..cce63978 100644 --- a/logd/LogListener.cpp +++ b/logd/LogListener.cpp @@ -22,8 +22,11 @@ #include #include +#include #include +#include +#include #include #include #include 
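Review bot: `rep.nlh.nlmsg_len` is passed to `OnNotableMessage` as the byte count for `rep.data` with no bound visible in this hunk, and unlike the `%.*s` in `logPrint`, the vector copy inside `OnNotableMessage` does not stop at a NUL. If the header length could ever exceed the buffer, that copy would read past `rep.data` and send the extra bytes to another process over binder. Whether `audit_get_reply` already guarantees the bound cannot be seen from here, so I would clamp at the call site, e.g. `const size_t len = std::min<size_t>(rep.nlh.nlmsg_len, sizeof(rep.data));` (assuming `data` is a fixed-size array in `struct audit_message`), and pass `len` to both calls. The bare `1499` would also read better as a named constant carrying the `audit.h` reference. The body of `onDataAvailable` starts outside the hunk.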
@@ -88,6 +91,46 @@ void LogListener::ThreadFunction() { } } +std::mutex logcatManagerCheckLock; +android::sp logcatManager; + +void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len) { + using namespace android; + using android::os::logcat::ILogcatManagerService; + + for (int i = 0; i < 2; ++i) { + sp lm = nullptr; + { + std::lock_guard guard(logcatManagerCheckLock); + if (logcatManager == nullptr) { + logcatManager = interface_cast( + defaultServiceManager()->checkService(String16("logcat"))); + + if (logcatManager == nullptr) { + // system_server hasn't started yet + return; + } + } + } + + static_assert(sizeof(char) == sizeof(uint8_t)); + auto msg_u8 = reinterpret_cast(msg); + std::vector msgVec(msg_u8, msg_u8 + msg_len); + + binder::Status status = logcatManager->onNotableMessage(type, uid, pid, msgVec); + + if (status.isOk()) { + return; + } + + { + std::lock_guard guard(logcatManagerCheckLock); + // happens after system_server restart, which makes logcatManager reference stale + logcatManager = nullptr; + } + } +} + void LogListener::HandleDataUring() { void* payload = nullptr; size_t payload_len = 0; diff --git a/logd/LogListener.h b/logd/LogListener.h index e68f4ed7..d7a03c35 100644 --- a/logd/LogListener.h +++ b/logd/LogListener.h @@ -36,3 +36,7 @@ class LogListener { int socket_; LogBuffer* logbuf_; }; + +#define NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL 0 + +void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len); diff --git a/logd/LogReaderList.cpp b/logd/LogReaderList.cpp index c31aa279..d0b3e6dc 100644 --- a/logd/LogReaderList.cpp +++ b/logd/LogReaderList.cpp @@ -31,7 +31,7 @@ static sp InitLogcatService() { } static sp GetLogcatService() { - static sp logcat_service = InitLogcatService(); + sp logcat_service = InitLogcatService(); if (logcat_service == nullptr) { LOG(ERROR) << "Permission problem or fatal error occurs to get logcat service"; 
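Review bot: `logcatManager->onNotableMessage(...)` dereferences the global after `logcatManagerCheckLock` has been released, so a concurrent caller on the failure path can set `logcatManager = nullptr` between the null check and the call. The local `lm` declared at the top of the loop looks intended for this but is never assigned or used. Copy under the lock with `lm = logcatManager;` at the end of the first locked scope, call `lm->onNotableMessage(type, uid, pid, msgVec);`, and on failure reset with `if (logcatManager == lm) logcatManager = nullptr;`. Only the audit thread calls this function in the visible hunks, so the race may be latent today, but the mutex implies more than one caller is expected. Both globals also have external linkage and would be better `static` or in an anonymous namespace.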
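Review bot: The new `OnNotableMessage` declaration in LogListener.h has no comment describing its contract, and callers need to know two things the signature does not say. I would add `// msg is msg_len raw bytes and need not be NUL-terminated; all msg_len bytes are copied and sent to the "logcat" service over binder.` above it. `NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL` is an untyped macro in a shared header; `static constexpr int NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL = 0;` keeps the name but gives it a type and scope. The header also uses `uid_t` and `pid_t`, so it should include `<sys/types.h>` itself unless an include outside the hunk already provides them.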
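Review bot: Dropping `static` in `GetLogcatService()` means every call now runs `InitLogcatService()` again, and nothing in the hunk says why. The reason is presumably the stale reference after a system_server restart that the comment in `OnNotableMessage` mentions, but that is an inference. A comment such as `// Deliberately not cached: a cached reference goes stale when system_server restarts.` would stop a later cleanup from restoring the `static`. If the repeated lookup is a cost on this path, the cache-and-invalidate approach used in `OnNotableMessage` would be the consistent alternative. The function body continues past the end of the hunk.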
diff --git a/logd/LogSize.h b/logd/LogSize.h index d5716ff4..f1428a83 100644 --- a/logd/LogSize.h +++ b/logd/LogSize.h @@ -20,7 +20,7 @@ #include -static constexpr size_t kDefaultLogBufferSize = 256 * 1024; +static constexpr size_t kDefaultLogBufferSize = 512 * 1024; static constexpr size_t kLogBufferMinSize = 64 * 1024; static constexpr size_t kLogBufferMaxSize = 256 * 1024 * 1024; diff --git a/logd/logd.rc b/logd/logd.rc index a8fac0c2..234f1887 100644 --- a/logd/logd.rc +++ b/logd/logd.rc @@ -18,8 +18,8 @@ service logd-reinit /system/bin/logd --reinit group logd task_profiles ServiceCapacityLow -# Limit SELinux denial generation, defaulting to 5/second -service logd-auditctl /system/bin/auditctl -r ${persist.logd.audit.rate:-5} +# Limit SELinux denial generation, defaulting to 50/second +service logd-auditctl /system/bin/auditctl -r ${persist.logd.audit.rate:-50} oneshot disabled user logd
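Review bot: The default `auditctl -r` limit in logd.rc rises from 5 to 50 per second, but the comment only restates the new number and gives no reason. That limit bounds how fast a process that keeps triggering denials can push audit records into logd. In this commit each record of type 1499 also leads to a binder call from `OnNotableMessage`, which blocks the audit thread unless the AIDL method is `oneway` (not visible here). I would extend the comment with why 50 was chosen and that `persist.logd.audit.rate` still overrides it, so the trade-off between denial visibility and flood resistance is recorded next to the value. The service stanza continues past the hunk.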