| author | Mark Salyzyn <salyzyn@google.com> | 2016-12-29 15:16:06 -0800 |
|---|---|---|
| committer | Mark Salyzyn <salyzyn@google.com> | 2017-01-03 09:44:42 -0800 |
| commit | ce80da301836cfa40c7a6424034f0743bbca9add (patch) | |
| tree | 131bb0533c181d728fe6bc22c5f87995b71d08f7 /logd | |
| parent | 10a7b9bb8ba3eaf61bac9e36e14bdedf1c5ea891 (diff) | |
logd: Add support for ro.logd.auditd.[main|events]
log selinux audit messages boolean (true or false, default true)
selection for logging destinations:
ro.logd.auditd - turn on logd.auditd to pick up violations.
ro.logd.auditd.dmesg - to the kernel log.
ro.logd.auditd.main - to the "main" log buffer.
ro.logd.auditd.events - to the "events" log buffer.
We used to also read logd.auditd.dmesg and persist.logd.auditd.dmesg
which do not get refreshed when /data mounts internally. This is a
confusing state as these properties will be read after a logd crash
and restart, adjusting the behavior of the logger. Same can be said
for logd.auditd as well. Drop reading these other parameters.
Test: manual set r/o parameters, stop/start logd to confirm behavior
Bug: 33969000
Bug: 27878170
Change-Id: I1a6bb4a903074c9aa7b227cf583a0094d49cbefd
Diffstat (limited to 'logd')
| -rw-r--r-- | logd/LogAudit.cpp | 13 | ||||
| -rw-r--r-- | logd/LogAudit.h | 4 | ||||
| -rw-r--r-- | logd/README.property | 5 | ||||
| -rw-r--r-- | logd/main.cpp | 9 |
4 files changed, 21 insertions, 10 deletions
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp index aa05932b0..c26716d55 100644 --- a/logd/LogAudit.cpp +++ b/logd/LogAudit.cpp @@ -47,6 +47,10 @@ LogAudit::LogAudit(LogBuffer *buf, LogReader *reader, int fdDmesg) : logbuf(buf), reader(reader), fdDmesg(fdDmesg), + main(__android_logger_property_get_bool("ro.logd.auditd.main", + BOOL_DEFAULT_TRUE)), + events(__android_logger_property_get_bool("ro.logd.auditd.events", + BOOL_DEFAULT_TRUE)), initialized(false) { static const char auditd_message[] = { KMSG_PRIORITY(LOG_INFO), 'l', 'o', 'g', 'd', '.', 'a', 'u', 'd', 'i', 't', 'd', ':', @@ -172,6 +176,11 @@ int LogAudit::logPrint(const char *fmt, ...) { } } + if (!main && !events) { + free(str); + return 0; + } + pid_t pid = getpid(); pid_t tid = gettid(); uid_t uid = AID_LOGD; @@ -222,7 +231,7 @@ int LogAudit::logPrint(const char *fmt, ...) { bool notify = false; - { // begin scope for event buffer + if (events) { // begin scope for event buffer uint32_t buffer[(n + sizeof(uint32_t) - 1) / sizeof(uint32_t)]; android_log_event_string_t *event @@ -277,7 +286,7 @@ int LogAudit::logPrint(const char *fmt, ...) { size_t e = strnlen(ecomm, LOGGER_ENTRY_MAX_PAYLOAD - b); n = b + e + l + 2; - { // begin scope for main buffer + if (main) { // begin scope for main buffer char newstr[n]; *newstr = info ? ANDROID_LOG_INFO : ANDROID_LOG_WARN; diff --git a/logd/LogAudit.h b/logd/LogAudit.h index ab30e2863..844951dae 100644 --- a/logd/LogAudit.h +++ b/logd/LogAudit.h @@ -26,7 +26,9 @@ class LogReader; class LogAudit : public SocketListener { LogBuffer *logbuf; LogReader *reader; - int fdDmesg; + int fdDmesg; // fdDmesg >= 0 is functionally bool dmesg + bool main; + bool events; bool initialized; public: diff --git a/logd/README.property b/logd/README.property index 791b1d5b9..de6767ad5 100644 --- a/logd/README.property +++ b/logd/README.property 
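Review bot: The early return added to `LogAudit::logPrint` (`if (!main && !events) { free(str); return 0; }`) drops the record without leaving any trace. On a build where `ro.logd.auditd.dmesg` is also false, logd would keep receiving SELinux audit records and discard every one, which removes denial visibility for detection and post-incident review. I would mark the intent at the return with `// every ro.logd.auditd.* destination is off: drop the record on purpose`, and consider one startup notice when all three destinations are disabled. The rest of `logPrint` lies outside the hunk, so how callers treat the 0 return should be confirmed there.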
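Review bot: The trailing comments `// begin scope for event buffer` and `// begin scope for main buffer` no longer match the code, because both braces are now conditionals (`if (events) {`, `if (main) {`) rather than bare scopes around the stack arrays. Something like `if (events) {  // copy to the "events" buffer (ro.logd.auditd.events)` and the equivalent for `main` would say what the branch gates. In the last hunk the context lines just above `if (main)` (`strnlen(ecomm, ...)`, `n = b + e + l + 2;`) still run when `main` is false, so that sizing work appears to be computed and then unused. Both blocks continue past the end of their hunks, so the matching end-of-scope comments are not visible here.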
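Review bot: The two fields added to `LogAudit` in LogAudit.h have no comment, and a data member named `main` reads like the program entry point at its use sites (`if (main)`, `!main && !events`). The neighbouring `fdDmesg` line gained an explanation in this change, so the new fields should get one too: `bool main;    // ro.logd.auditd.main: copy audit records to the "main" buffer` and `bool events;  // ro.logd.auditd.events: copy audit records to the "events" buffer`. If a rename is acceptable, a name that states the destination (for example `logToMain`) would avoid the ambiguity. The class body continues outside the hunk.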
@@ -2,8 +2,9 @@ The properties that logd and friends react to are: name type default description ro.logd.auditd bool true Enable selinux audit daemon -ro.logd.auditd.dmesg bool true selinux audit messages duplicated and - sent on to dmesg log +ro.logd.auditd.dmesg bool true selinux audit messages sent to dmesg. +ro.logd.auditd.main bool true selinux audit messages sent to main. +ro.logd.auditd.events bool true selinux audit messages sent to events. persist.logd.security bool false Enable security buffer. ro.device_owner bool false Override persist.logd.security to false ro.logd.kernel bool+ svelte+ Enable klogd daemon diff --git a/logd/main.cpp b/logd/main.cpp index c3343d785..5878f151e 100644 --- a/logd/main.cpp +++ b/logd/main.cpp @@ -451,9 +451,8 @@ int main(int argc, char *argv[]) { pthread_attr_destroy(&attr); } - bool auditd = __android_logger_property_get_bool("logd.auditd", - BOOL_DEFAULT_TRUE | - BOOL_DEFAULT_FLAG_PERSIST); + bool auditd = __android_logger_property_get_bool("ro.logd.auditd", + BOOL_DEFAULT_TRUE); if (drop_privs(klogd, auditd) != 0) { return -1; } @@ -513,8 +512,8 @@ int main(int argc, char *argv[]) { if (auditd) { al = new LogAudit(logBuf, reader, __android_logger_property_get_bool( - "logd.auditd.dmesg", - BOOL_DEFAULT_TRUE | BOOL_DEFAULT_FLAG_PERSIST) + "ro.logd.auditd.dmesg", + BOOL_DEFAULT_TRUE) ? fdDmesg : -1); } |
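Review bot: The `ro.logd.auditd` read in `main()` has no comment saying why only the read-only property is consulted, yet the result goes straight into `drop_privs(klogd, auditd)`, so it presumably influences what logd retains after dropping privileges. A short comment would keep a later change from reintroducing a runtime-settable switch for audit collection: `// ro.* only: must not change across a logd restart; also passed to drop_privs()`. A device that previously relied on a `persist.logd.auditd` value will now fall back to the default of true, which is worth calling out in release notes. `main()` starts and ends outside this hunk.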
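Review bot: The dmesg destination is still resolved here in `main()` and handed over as `fdDmesg : -1`, while the two new destinations are read inside the `LogAudit` constructor. The `ro.logd.auditd.*` family is therefore now parsed in two files, and nobody reading this call site can see that two further properties shape what the object logs. Either resolve all three in one place or leave a pointer at the call: `// ro.logd.auditd.main and ro.logd.auditd.events are read in the LogAudit constructor`. The enclosing `if (auditd)` block is only partly visible in the hunk.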
