commit 0b9987a5e2fd2114731d75cb79bfd4bf03289bc4
author Mark Salyzyn <salyzyn@google.com> Fri Dec 04 10:59:45 2015 -0800
committer Mark Salyzyn <salyzyn@google.com> Tue Dec 08 11:28:27 2015 -0800
tree b2717b00aa0b2199e3bba7b828312c488790d6c2
parent fcd64fad2d6eb30b8ef33b2d952f9aae8e5daa3f

liblog: Add __android_log_security()

Return non-zero if ro.device_owner is set and not false
and persist.logd.security is true.

Bug: 26029733
Change-Id: Ie82ae11ae35e9c79017b6e873fefb39d79a1d4fe

include/log/log.h

diff --git a/include/log/log.h b/include/log/log.h
index 086d742..619bf23 100644
--- a/include/log/log.h
+++ b/include/log/log.h
@@ -620,6 +620,8 @@
  */
 int __android_log_is_loggable(int prio, const char *tag, int default_prio);
 
+int __android_log_security(); /* Device Owner is present */
+
 int __android_log_error_write(int tag, const char *subTag, int32_t uid, const char *data,
                               uint32_t dataLen);
 

liblog/log_is_loggable.c

diff --git a/liblog/log_is_loggable.c b/liblog/log_is_loggable.c
index 7fc01d9..854ecfa 100644
--- a/liblog/log_is_loggable.c
+++ b/liblog/log_is_loggable.c
@@ -45,6 +45,9 @@
     char c;
 };
 
+#define BOOLEAN_TRUE 0xFF
+#define BOOLEAN_FALSE 0xFE
+
 static void refresh_cache(struct cache *cache, const char *key)
 {
     uint32_t serial;
@@ -62,7 +65,16 @@
     }
     cache->serial = serial;
     __system_property_read(cache->pinfo, 0, buf);
-    cache->c = buf[0];
+    switch(buf[0]) {
+    case 't': case 'T':
+        cache->c = strcasecmp(buf + 1, "rue") ? buf[0] : BOOLEAN_TRUE;
+        break;
+    case 'f': case 'F':
+        cache->c = strcasecmp(buf + 1, "alse") ? buf[0] : BOOLEAN_FALSE;
+        break;
+    default:
+        cache->c = buf[0];
+    }
 }
 
 static int __android_log_level(const char *tag, int default_prio)
@@ -147,6 +159,7 @@
     case 'F': /* Not officially supported */
     case 'A':
     case 'S':
+    case BOOLEAN_FALSE: /* Not officially supported */
         break;
     default:
         /* clear '.' after log.tag */
@@ -180,6 +193,7 @@
     case 'E': return ANDROID_LOG_ERROR;
     case 'F': /* FALLTHRU */ /* Not officially supported */
     case 'A': return ANDROID_LOG_FATAL;
+    case BOOLEAN_FALSE: /* FALLTHRU */ /* Not Officially supported */
     case 'S': return -1; /* ANDROID_LOG_SUPPRESS */
     }
     return default_prio;
@@ -226,3 +240,36 @@
 
     return (tolower(c) == 'm') ? CLOCK_MONOTONIC : CLOCK_REALTIME;
 }
+
+/*
+ * security state generally remains constant, since a change is
+ * rare, we can accept a trylock failure gracefully.
+ */
+static pthread_mutex_t lock_security = PTHREAD_MUTEX_INITIALIZER;
+
+int __android_log_security()
+{
+    static struct cache r_do_cache = { NULL, -1, BOOLEAN_FALSE };
+    static struct cache p_security_cache = { NULL, -1, BOOLEAN_FALSE };
+    int retval;
+
+    if (pthread_mutex_trylock(&lock_security)) {
+        /* We are willing to accept some race in this context */
+        retval = (r_do_cache.c != BOOLEAN_FALSE) && r_do_cache.c &&
+                 (p_security_cache.c == BOOLEAN_TRUE);
+    } else {
+        static uint32_t serial;
+        uint32_t current_serial = __system_property_area_serial();
+        if (current_serial != serial) {
+            refresh_cache(&r_do_cache, "ro.device_owner");
+            refresh_cache(&p_security_cache, "persist.logd.security");
+            serial = current_serial;
+        }
+        retval = (r_do_cache.c != BOOLEAN_FALSE) && r_do_cache.c &&
+                 (p_security_cache.c == BOOLEAN_TRUE);
+
+        pthread_mutex_unlock(&lock_security);
+    }
+
+    return retval;
+}

liblog/tests/liblog_test.cpp

diff --git a/liblog/tests/liblog_test.cpp b/liblog/tests/liblog_test.cpp
index 110f1eb..597d8f6 100644
--- a/liblog/tests/liblog_test.cpp
+++ b/liblog/tests/liblog_test.cpp
@@ -164,6 +164,43 @@
     android_logger_list_close(logger_list);
 }
 
+TEST(liblog, __security) {
+    static const char persist_key[] = "persist.logd.security";
+    static const char readonly_key[] = "ro.device_owner";
+    static const char nothing_val[] = "_NOTHING_TO_SEE_HERE_";
+    char persist[PROP_VALUE_MAX];
+    char readonly[PROP_VALUE_MAX];
+
+    property_get(persist_key, persist, "");
+    property_get(readonly_key, readonly, nothing_val);
+
+    if (!strcmp(readonly, nothing_val)) {
+        EXPECT_FALSE(__android_log_security());
+        fprintf(stderr, "Warning, setting ro.device_owner to a domain\n");
+        property_set(readonly_key, "com.google.android.SecOps.DeviceOwner");
+    } else if (!strcasecmp(readonly, "false") || !readonly[0]) {
+        EXPECT_FALSE(__android_log_security());
+        return;
+    }
+
+    if (!strcasecmp(persist, "true")) {
+        EXPECT_TRUE(__android_log_security());
+    } else {
+        EXPECT_FALSE(__android_log_security());
+    }
+    property_set(persist_key, "TRUE");
+    EXPECT_TRUE(__android_log_security());
+    property_set(persist_key, "FALSE");
+    EXPECT_FALSE(__android_log_security());
+    property_set(persist_key, "true");
+    EXPECT_TRUE(__android_log_security());
+    property_set(persist_key, "false");
+    EXPECT_FALSE(__android_log_security());
+    property_set(persist_key, "");
+    EXPECT_FALSE(__android_log_security());
+    property_set(persist_key, persist);
+}
+
 static unsigned signaled;
 log_time signal_time;