From 3fe56e56a00ab342e6957f8d9e8ac841b62070d3 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Mon, 18 Sep 2023 13:45:26 +0300 Subject: [PATCH 1/5] support forwarding log entries to the system_server Change-Id: Ife45220cb2480d1e9810591519bce79a935b9aa5 --- logd/LogListener.cpp | 43 +++++++++++++++++++++++++++++++++++++++++++ logd/LogListener.h | 2 ++ 2 files changed, 45 insertions(+) diff --git a/logd/LogListener.cpp b/logd/LogListener.cpp index 5b67e83a..cce63978 100644 --- a/logd/LogListener.cpp +++ b/logd/LogListener.cpp @@ -22,8 +22,11 @@ #include #include +#include #include +#include +#include #include #include #include @@ -88,6 +91,46 @@ void LogListener::ThreadFunction() { } } +std::mutex logcatManagerCheckLock; +android::sp logcatManager; + +void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len) { + using namespace android; + using android::os::logcat::ILogcatManagerService; + + for (int i = 0; i < 2; ++i) { + sp lm = nullptr; + { + std::lock_guard guard(logcatManagerCheckLock); + if (logcatManager == nullptr) { + logcatManager = interface_cast( + defaultServiceManager()->checkService(String16("logcat"))); + + if (logcatManager == nullptr) { + // system_server hasn't started yet + return; + } + } + } + + static_assert(sizeof(char) == sizeof(uint8_t)); + auto msg_u8 = reinterpret_cast(msg); + std::vector msgVec(msg_u8, msg_u8 + msg_len); + + binder::Status status = logcatManager->onNotableMessage(type, uid, pid, msgVec); + + if (status.isOk()) { + return; + } + + { + std::lock_guard guard(logcatManagerCheckLock); + // happens after system_server restart, which makes logcatManager reference stale + logcatManager = nullptr; + } + } +} + void LogListener::HandleDataUring() { void* payload = nullptr; size_t payload_len = 0; diff --git a/logd/LogListener.h b/logd/LogListener.h index e68f4ed7..ab77602a 100644 --- a/logd/LogListener.h +++ b/logd/LogListener.h @@ -36,3 +36,5 @@ class LogListener { int socket_; LogBuffer* logbuf_; }; + +void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len); From 2465d5ab5842862fbb26a1f5c32d2a8c1e8e74e6 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Sat, 18 Nov 2023 13:15:20 +0200 Subject: [PATCH 2/5] forward SELINUX_TSEC_FLAG_DENIAL audit log entries to system_server These entries are written by the kernel when task is blocked from performing an operation that is protected by a SELinux TSEC (task security) flag. --- logd/LogAudit.cpp | 7 +++++++ logd/LogListener.h | 2 ++ 2 files changed, 9 insertions(+) diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp index c7d75015..61423238 100644 --- a/logd/LogAudit.cpp +++ b/logd/LogAudit.cpp @@ -38,6 +38,7 @@ #include #include "LogKlog.h" +#include "LogListener.h" #include "LogUtils.h" #include "libaudit.h" @@ -105,6 +106,12 @@ bool LogAudit::onDataAvailable(SocketClient* cli) { logDecodedPath(rep.data); } + if (rep.nlh.nlmsg_type == 1499) { // defined in kernel, in include/uapi/linux/audit.h + OnNotableMessage(NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL, 0, 0, rep.data, rep.nlh.nlmsg_len); + } + + logPrint("type=%d %.*s", rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data); + return true; } diff --git a/logd/LogListener.h b/logd/LogListener.h index ab77602a..d7a03c35 100644 --- a/logd/LogListener.h +++ b/logd/LogListener.h @@ -37,4 +37,6 @@ class LogListener { LogBuffer* logbuf_; }; +#define NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL 0 + void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len); From 342be5591067d5bf86e6c40d2233abb31f762951 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Mon, 20 Nov 2023 19:01:56 +0200 Subject: [PATCH 3/5] raise post-boot audit message rate limit from 5 to 50 per second This is needed for more reliable detection of SELINUX_TSEC_FLAG-related denials (they are printed to audit log). --- logd/logd.rc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/logd/logd.rc b/logd/logd.rc index a8fac0c2..234f1887 100644 --- a/logd/logd.rc +++ b/logd/logd.rc @@ -18,8 +18,8 @@ service logd-reinit /system/bin/logd --reinit group logd task_profiles ServiceCapacityLow -# Limit SELinux denial generation, defaulting to 5/second -service logd-auditctl /system/bin/auditctl -r ${persist.logd.audit.rate:-5} +# Limit SELinux denial generation, defaulting to 50/second +service logd-auditctl /system/bin/auditctl -r ${persist.logd.audit.rate:-50} oneshot disabled user logd From 8de756bc44f704f9dc0ac9040d9c3a5b564fd8c3 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Mon, 7 Oct 2024 20:10:25 +0300 Subject: [PATCH 4/5] add missing handling of system_server restarts LogcatManagerService is hosted by system_server and reference to it becomes dangling after system_server restarts. This issue led to logcat viewer being broken in LogViewer app after system_server crash until full device reboot. --- logd/LogReaderList.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logd/LogReaderList.cpp b/logd/LogReaderList.cpp index c31aa279..d0b3e6dc 100644 --- a/logd/LogReaderList.cpp +++ b/logd/LogReaderList.cpp @@ -31,7 +31,7 @@ static sp InitLogcatService() { } static sp GetLogcatService() { - static sp logcat_service = InitLogcatService(); + sp logcat_service = InitLogcatService(); if (logcat_service == nullptr) { LOG(ERROR) << "Permission problem or fatal error occurs to get logcat service"; From 303d38999c67b903257ec952de2d9a17b51b7490 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Tue, 29 Oct 2024 19:49:26 +0200 Subject: [PATCH 5/5] increase log buffer size from 256 KiB to 512 KiB The default size is too small, which often leads to decreased usefulness of user-submitted logs. --- logd/LogSize.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logd/LogSize.h b/logd/LogSize.h index d5716ff4..f1428a83 100644 --- a/logd/LogSize.h +++ b/logd/LogSize.h @@ -20,7 +20,7 @@ #include -static constexpr size_t kDefaultLogBufferSize = 256 * 1024; +static constexpr size_t kDefaultLogBufferSize = 512 * 1024; static constexpr size_t kLogBufferMinSize = 64 * 1024; static constexpr size_t kLogBufferMaxSize = 256 * 1024 * 1024;