diff options
| author | Mark Salyzyn <salyzyn@google.com> | 2015-12-22 15:50:14 -0800 |
|---|---|---|
| committer | Mark Salyzyn <salyzyn@google.com> | 2015-12-30 10:07:19 -0800 |
| commit | 6aa21b225dd1600473388bd640443653d649420a (patch) | |
| tree | a39278fb5d0f06fb17d911adf4dc3b016fba9f87 /logd | |
| parent | a0140047525b3c12e9e64903fb7b85fea0d5a0f9 (diff) | |
| download | core-6aa21b225dd1600473388bd640443653d649420a.tar.gz core-6aa21b225dd1600473388bd640443653d649420a.tar.bz2 core-6aa21b225dd1600473388bd640443653d649420a.zip | |
logd: liblog: whitelist "snet_event_log"
Dangerous bridge to cross to whitelist, who is special, who is not?
Rationalized as these events are used to catch exploits on platform.
As it stands no one should be allowed to block any messages in the
security context, not even for development purposes.
Bug: 26178938
Change-Id: Ibdc76bc0fe29ba05be168b623af1c9f41d7edbd2
Diffstat (limited to 'logd')
| -rw-r--r-- | logd/Android.mk | 4 | ||||
| -rw-r--r-- | logd/LogBuffer.cpp | 12 |
2 files changed, 11 insertions, 5 deletions
diff --git a/logd/Android.mk b/logd/Android.mk index feca8d555..d19c2552b 100644 --- a/logd/Android.mk +++ b/logd/Android.mk @@ -38,7 +38,9 @@ LOCAL_SHARED_LIBRARIES := \ # event_flag := $(call event_logtags,auditd) # event_flag += $(call event_logtags,logd) # so make sure we do not regret hard-coding it as follows: -event_flag := -DAUDITD_LOG_TAG=1003 -DLOGD_LOG_TAG=1004 +event_flag := -DAUDITD_LOG_TAG=1003 \ + -DLOGD_LOG_TAG=1004 \ + -DSNET_EVENT_LOG_TAG=1397638484 LOCAL_CFLAGS := -Werror $(event_flag) diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp index ec323934b..1b829c602 100644 --- a/logd/LogBuffer.cpp +++ b/logd/LogBuffer.cpp @@ -205,16 +205,20 @@ int LogBuffer::log(log_id_t log_id, log_time realtime, LogBufferElement *elem = new LogBufferElement(log_id, realtime, uid, pid, tid, msg, len); - if (log_id != LOG_ID_SECURITY) { + if (log_id != LOG_ID_SECURITY) { // whitelist LOG_ID_SECURITY int prio = ANDROID_LOG_INFO; - const char *tag = NULL; + const char *tag = (const char *)-1; if (log_id == LOG_ID_EVENTS) { - tag = android::tagToName(elem->getTag()); + // whitelist "snet_event_log" + if (elem->getTag() != SNET_EVENT_LOG_TAG) { + tag = android::tagToName(elem->getTag()); + } } else { prio = *msg; tag = msg + 1; } - if (!__android_log_is_loggable(prio, tag, ANDROID_LOG_VERBOSE)) { + if ((tag != (const char *)-1) && + !__android_log_is_loggable(prio, tag, ANDROID_LOG_VERBOSE)) { // Log traffic received to total pthread_mutex_lock(&mLogElementsLock); stats.add(elem); |