logd: Add klogd
- Add a klogd to collect the kernel logs and place them into a
new kernel log buffer
- Parse priority, tag and message from the kernel log messages.
- Turn off pruning for worst UID for the kernel log buffer
- Sniff for 'PM: suspend exit', 'PM: suspend enter' and
'Suspended for' messages and correct the internal definition
time correction against monotonic dynamically.
- Discern if we have monotonic or real time (delineation 1980) in
audit messages.
- perform appropriate math to correct the timestamp to be real time
- filter out any external sources of kernel logging
Change-Id: I8d4c7c5ac19f1f3218079ee3a05a50e2ca55f60d
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index caae54b..09cdb18 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -29,6 +29,7 @@
#include "libaudit.h"
#include "LogAudit.h"
+#include "LogKlog.h"
#define KMSG_PRIORITY(PRI) \
'<', \
@@ -121,6 +122,15 @@
&& (*cp == ':')) {
memcpy(timeptr + sizeof(audit_str) - 1, "0.0", 3);
memmove(timeptr + sizeof(audit_str) - 1 + 3, cp, strlen(cp) + 1);
+ //
+ // We are either in 1970ish (MONOTONIC) or 2015+ish (REALTIME) so to
+ // differentiate without prejudice, we use 1980 to delineate, earlier
+ // is monotonic, later is real.
+ //
+# define EPOCH_PLUS_10_YEARS (10 * 1461 / 4 * 24 * 60 * 60)
+ if (now.tv_sec < EPOCH_PLUS_10_YEARS) {
+ LogKlog::convertMonotonicToReal(now);
+ }
} else {
now.strptime("", ""); // side effect of setting CLOCK_REALTIME
}
@@ -223,7 +233,7 @@
int LogAudit::log(char *buf) {
char *audit = strstr(buf, " audit(");
if (!audit) {
- return -EXDEV;
+ return 0;
}
*audit = '\0';