bp4a 12 03 01

logd/LogAudit.cpp

@@ -38,6 +38,7 @@
 #include <private/android_logger.h>
 
 #include "LogKlog.h"
+#include "LogListener.h"
 #include "LogUtils.h"
 #include "libaudit.h"
 
@@ -105,6 +106,12 @@ bool LogAudit::onDataAvailable(SocketClient* cli) {
         logDecodedPath(rep.data);
     }
 
+    if (rep.nlh.nlmsg_type == 1499) { // defined in kernel, in include/uapi/linux/audit.h
+        OnNotableMessage(NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL, 0, 0, rep.data, rep.nlh.nlmsg_len);
+    }
+
+    logPrint("type=%d %.*s", rep.nlh.nlmsg_type, rep.nlh.nlmsg_len, rep.data);
+
     return true;
 }
 

logd/LogListener.cpp

@@ -22,8 +22,11 @@
 #include <sys/un.h>
 #include <unistd.h>
 
+#include <mutex>
 #include <thread>
 
+#include <android/os/logcat/ILogcatManagerService.h>
+#include <binder/IServiceManager.h>
 #include <cutils/sockets.h>
 #include <private/android_filesystem_config.h>
 #include <private/android_logger.h>
@@ -88,6 +91,46 @@ void LogListener::ThreadFunction() {
     }
 }
 
+std::mutex logcatManagerCheckLock;
+android::sp<android::os::logcat::ILogcatManagerService> logcatManager;
+
+void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len) {
+    using namespace android;
+    using android::os::logcat::ILogcatManagerService;
+
+    for (int i = 0; i < 2; ++i) {
+        sp<ILogcatManagerService> lm = nullptr;
+        {
+            std::lock_guard<std::mutex> guard(logcatManagerCheckLock);
+            if (logcatManager == nullptr) {
+                logcatManager = interface_cast<ILogcatManagerService>(
+                        defaultServiceManager()->checkService(String16("logcat")));
+
+                if (logcatManager == nullptr) {
+                    // system_server hasn't started yet
+                    return;
+                }
+            }
+        }
+
+        static_assert(sizeof(char) == sizeof(uint8_t));
+        auto msg_u8 = reinterpret_cast<const uint8_t*>(msg);
+        std::vector<uint8_t> msgVec(msg_u8, msg_u8 + msg_len);
+
+        binder::Status status = logcatManager->onNotableMessage(type, uid, pid, msgVec);
+
+        if (status.isOk()) {
+            return;
+        }
+
+        {
+            std::lock_guard<std::mutex> guard(logcatManagerCheckLock);
+            // happens after system_server restart, which makes logcatManager reference stale
+            logcatManager = nullptr;
+        }
+    }
+}
+
 void LogListener::HandleDataUring() {
     void* payload = nullptr;
     size_t payload_len = 0;

logd/LogListener.h

@@ -36,3 +36,7 @@ class LogListener {
     int socket_;
     LogBuffer* logbuf_;
 };
+
+#define NOTABLE_MSG_SELINUX_TSEC_FLAG_DENIAL 0
+
+void OnNotableMessage(const int type, const uid_t uid, const pid_t pid, const char* msg, const size_t msg_len);

logd/LogReaderList.cpp

@@ -31,7 +31,7 @@ static sp<ILogcatManagerService> InitLogcatService() {
 }
 
 static sp<ILogcatManagerService> GetLogcatService() {
-    static sp<ILogcatManagerService> logcat_service = InitLogcatService();
+    sp<ILogcatManagerService> logcat_service = InitLogcatService();
 
     if (logcat_service == nullptr) {
         LOG(ERROR) << "Permission problem or fatal error occurs to get logcat service";

logd/LogSize.h

@@ -20,7 +20,7 @@
 
 #include <log/log.h>
 
-static constexpr size_t kDefaultLogBufferSize = 256 * 1024;
+static constexpr size_t kDefaultLogBufferSize = 512 * 1024;
 static constexpr size_t kLogBufferMinSize = 64 * 1024;
 static constexpr size_t kLogBufferMaxSize = 256 * 1024 * 1024;
 

logd/logd.rc

@@ -18,8 +18,8 @@ service logd-reinit /system/bin/logd --reinit
     group logd
     task_profiles ServiceCapacityLow
 
-# Limit SELinux denial generation, defaulting to 5/second
-service logd-auditctl /system/bin/auditctl -r ${persist.logd.audit.rate:-5}
+# Limit SELinux denial generation, defaulting to 50/second
+service logd-auditctl /system/bin/auditctl -r ${persist.logd.audit.rate:-50}
     oneshot
     disabled
     user logd