diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2018-05-03 14:57:39 -0700 |
|---|---|---|
| committer | Jeff Vander Stoep <jeffv@google.com> | 2018-05-03 22:40:18 -0700 |
| commit | d885890e7833a1e4570f615e6b103c5d51f25ae2 (patch) | |
| tree | 59568075dce1fcbda318e44d06b6d9c345bd005f /logd | |
| parent | b8716687f18475ae3fc18ca78e454547c2e22d1f (diff) | |
| download | system_core-d885890e7833a1e4570f615e6b103c5d51f25ae2.tar.gz system_core-d885890e7833a1e4570f615e6b103c5d51f25ae2.tar.bz2 system_core-d885890e7833a1e4570f615e6b103c5d51f25ae2.zip | |
Logd: include app package name in selinux metadata
Note: denial metadata is currently only included on debug builds.
avc: denied { read } for comm="getprop" name="u:object_r:net_dns_prop:s0"
dev="tmpfs" ino=19605 scontext=u:r:untrusted_app:s0:c164,c256,c512,c768
tcontext=u:object_r:net_dns_prop:s0 tclass=file permissive=0 b/12345678
app=android.selinuxtargetsdkcurrent.cts
Bug: 9496886
Bug: 68016944
Test: cts-tradefed run cts -m CtsSelinuxTargetSdkCurrentTestCases
Change-Id: I1700722a45b75d22f17ba4edc7b95cbaf99fdda8
Diffstat (limited to 'logd')
| -rwxr-xr-x | logd/LogAudit.cpp | 77 | ||||
| -rw-r--r-- | logd/LogAudit.h | 2 |
2 files changed, 43 insertions, 36 deletions
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp index 269db2ff0..27cd9a8cc 100755 --- a/logd/LogAudit.cpp +++ b/logd/LogAudit.cpp @@ -112,7 +112,7 @@ static inline bool hasMetadata(char* str, int str_len) { std::map<std::string, std::string> LogAudit::populateDenialMap() { std::ifstream bug_file("/system/etc/selinux/selinux_denial_metadata"); std::string line; - // allocate a map for the static map pointer in logParse to keep track of, + // allocate a map for the static map pointer in auditParse to keep track of, // this function only runs once std::map<std::string, std::string> denial_to_bug; if (bug_file.good()) { @@ -140,7 +140,8 @@ std::string LogAudit::denialParse(const std::string& denial, char terminator, return ""; } -void LogAudit::logParse(const std::string& string, std::string* bug_num) { +void LogAudit::auditParse(const std::string& string, uid_t uid, + std::string* bug_num) { if (!__android_log_is_debuggable()) { bug_num->assign(""); return; @@ -162,6 +163,11 @@ void LogAudit::logParse(const std::string& string, std::string* bug_num) { } else { bug_num->assign(""); } + + if (uid >= AID_APP_START && uid <= AID_APP_END) { + bug_num->append(" app="); + bug_num->append(android::uidToName(uid)); + } } int LogAudit::logPrint(const char* fmt, ...) { @@ -190,8 +196,27 @@ int LogAudit::logPrint(const char* fmt, ...) { while ((cp = strstr(str, " "))) { memmove(cp, cp + 1, strlen(cp + 1) + 1); } + pid_t pid = getpid(); + pid_t tid = gettid(); + uid_t uid = AID_LOGD; + static const char pid_str[] = " pid="; + char* pidptr = strstr(str, pid_str); + if (pidptr && isdigit(pidptr[sizeof(pid_str) - 1])) { + cp = pidptr + sizeof(pid_str) - 1; + pid = 0; + while (isdigit(*cp)) { + pid = (pid * 10) + (*cp - '0'); + ++cp; + } + tid = pid; + logbuf->wrlock(); + uid = logbuf->pidToUid(pid); + logbuf->unlock(); + memmove(pidptr, cp, strlen(cp) + 1); + } + bool info = strstr(str, " permissive=1") || strstr(str, " policy loaded "); - static std::string bug_metadata; + static std::string denial_metadata; if ((fdDmesg >= 0) && initialized) { struct iovec iov[4]; static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) }; @@ -228,8 +253,8 @@ int LogAudit::logPrint(const char* fmt, ...) { last_info ? sizeof(log_info) : sizeof(log_warning); iov[1].iov_base = last_str; iov[1].iov_len = strlen(last_str); - iov[2].iov_base = const_cast<char*>(bug_metadata.c_str()); - iov[2].iov_len = bug_metadata.length(); + iov[2].iov_base = const_cast<char*>(denial_metadata.c_str()); + iov[2].iov_len = denial_metadata.length(); if (count > 1) { iov[3].iov_base = const_cast<char*>(resume); iov[3].iov_len = strlen(resume); @@ -249,14 +274,14 @@ int LogAudit::logPrint(const char* fmt, ...) { last_info = info; } if (count == 0) { - logParse(str, &bug_metadata); + auditParse(str, uid, &denial_metadata); iov[0].iov_base = info ? const_cast<char*>(log_info) : const_cast<char*>(log_warning); iov[0].iov_len = info ? sizeof(log_info) : sizeof(log_warning); iov[1].iov_base = str; iov[1].iov_len = strlen(str); - iov[2].iov_base = const_cast<char*>(bug_metadata.c_str()); - iov[2].iov_len = bug_metadata.length(); + iov[2].iov_base = const_cast<char*>(denial_metadata.c_str()); + iov[2].iov_len = denial_metadata.length(); iov[3].iov_base = const_cast<char*>(newline); iov[3].iov_len = strlen(newline); @@ -269,9 +294,6 @@ int LogAudit::logPrint(const char* fmt, ...) { return 0; } - pid_t pid = getpid(); - pid_t tid = gettid(); - uid_t uid = AID_LOGD; log_time now; static const char audit_str[] = " audit("; @@ -296,29 +318,13 @@ int LogAudit::logPrint(const char* fmt, ...) { now = log_time(CLOCK_REALTIME); } - static const char pid_str[] = " pid="; - char* pidptr = strstr(str, pid_str); - if (pidptr && isdigit(pidptr[sizeof(pid_str) - 1])) { - cp = pidptr + sizeof(pid_str) - 1; - pid = 0; - while (isdigit(*cp)) { - pid = (pid * 10) + (*cp - '0'); - ++cp; - } - tid = pid; - logbuf->wrlock(); - uid = logbuf->pidToUid(pid); - logbuf->unlock(); - memmove(pidptr, cp, strlen(cp) + 1); - } - // log to events size_t str_len = strnlen(str, LOGGER_ENTRY_MAX_PAYLOAD); if (((fdDmesg < 0) || !initialized) && !hasMetadata(str, str_len)) - logParse(str, &bug_metadata); - str_len = (str_len + bug_metadata.length() <= LOGGER_ENTRY_MAX_PAYLOAD) - ? str_len + bug_metadata.length() + auditParse(str, uid, &denial_metadata); + str_len = (str_len + denial_metadata.length() <= LOGGER_ENTRY_MAX_PAYLOAD) + ? str_len + denial_metadata.length() : LOGGER_ENTRY_MAX_PAYLOAD; size_t message_len = str_len + sizeof(android_log_event_string_t); @@ -332,9 +338,9 @@ int LogAudit::logPrint(const char* fmt, ...) { event->header.tag = htole32(AUDITD_LOG_TAG); event->type = EVENT_TYPE_STRING; event->length = htole32(str_len); - memcpy(event->data, str, str_len - bug_metadata.length()); - memcpy(event->data + str_len - bug_metadata.length(), - bug_metadata.c_str(), bug_metadata.length()); + memcpy(event->data, str, str_len - denial_metadata.length()); + memcpy(event->data + str_len - denial_metadata.length(), + denial_metadata.c_str(), denial_metadata.length()); rc = logbuf->log( LOG_ID_EVENTS, now, uid, pid, tid, reinterpret_cast<char*>(event), @@ -380,7 +386,8 @@ int LogAudit::logPrint(const char* fmt, ...) { prefix_len = LOGGER_ENTRY_MAX_PAYLOAD; } size_t suffix_len = strnlen(ecomm, LOGGER_ENTRY_MAX_PAYLOAD - prefix_len); - message_len = str_len + prefix_len + suffix_len + bug_metadata.length() + 2; + message_len = + str_len + prefix_len + suffix_len + denial_metadata.length() + 2; if (main) { // begin scope for main buffer char newstr[message_len]; @@ -390,7 +397,7 @@ int LogAudit::logPrint(const char* fmt, ...) { strncpy(newstr + 1 + str_len, str, prefix_len); strncpy(newstr + 1 + str_len + prefix_len, ecomm, suffix_len); strncpy(newstr + 1 + str_len + prefix_len + suffix_len, - bug_metadata.c_str(), bug_metadata.length()); + denial_metadata.c_str(), denial_metadata.length()); rc = logbuf->log(LOG_ID_MAIN, now, uid, pid, tid, newstr, (message_len <= USHRT_MAX) ? (unsigned short)message_len diff --git a/logd/LogAudit.h b/logd/LogAudit.h index 590496610..c3d7a3ede 100644 --- a/logd/LogAudit.h +++ b/logd/LogAudit.h @@ -48,7 +48,7 @@ class LogAudit : public SocketListener { std::map<std::string, std::string> populateDenialMap(); std::string denialParse(const std::string& denial, char terminator, const std::string& search_term); - void logParse(const std::string& string, std::string* bug_num); + void auditParse(const std::string& string, uid_t uid, std::string* bug_num); int logPrint(const char* fmt, ...) __attribute__((__format__(__printf__, 2, 3))); }; |