logd: add a comment about untrusted content in the audit log
A single space character in search terms separates us from a denial of
service attack that forces the device into safe mode. This CL adds a
comment that hopefully stops the spaces from being accidentally deleted
in future.
Change-Id: I33b2632ef4211fa1688ac9c8f0cf7d0c667766c1
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index 9124bfd..4eb5e83 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -164,6 +164,10 @@
}
}
+ // Note: The audit log can include untrusted strings, but those containing
+ // "a control character, unprintable character, double quote mark, or a
+ // space" are hex encoded. The space character before the search term is
+ // therefore needed to prevent denial of service. Do not remove the space.
bool permissive = strstr(str, " enforcing=0") ||
strstr(str, " permissive=1");
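Review bot: The comment added above the `permissive` assignment is the only thing guarding the leading space in `" enforcing=0"` and `" permissive=1"`; nothing fails if a later edit drops it. Consider hoisting the two search terms into named constants with this comment attached to them, and adding a test that passes a line in which an untrusted field contains `enforcing=0` without a preceding space and checks that `permissive` stays false. The quoted phrase in the comment ("a control character, unprintable character, double quote mark, or a space") is also given without a source; naming where that wording comes from would let a reader confirm that the hex-encoding guarantee the check depends on still holds.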