logd: logcat: debuggerd: auditd logs to events
- auditd switch to recording logs to events log id
- logcat add events as one of the default logs
- debuggerd collect events log as well.
ToDo: debuggerd & bugreport collect intermixed logs.
BUG: 14626551
Change-Id: I958f0e729b7596748be57488a38824db5645be7b
diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp
index d0cefc7..6d51171 100755
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@@ -31,9 +31,10 @@
#include <private/android_filesystem_config.h>
+#include <cutils/properties.h>
#include <log/log.h>
#include <log/logger.h>
-#include <cutils/properties.h>
+#include <log/logprint.h>
#include <backtrace/Backtrace.h>
#include <backtrace/BacktraceMap.h>
@@ -459,6 +460,8 @@
// that don't match the specified pid, and writes them to the tombstone file.
//
// If "tail" is set, we only print the last few lines.
+static EventTagMap* g_eventTagMap = NULL;
+
static void dump_log_file(log_t* log, pid_t pid, const char* filename,
unsigned int tail) {
bool first = true;
@@ -521,7 +524,28 @@
if (!hdr_size) {
hdr_size = sizeof(log_entry.entry_v1);
}
- char* msg = (char *)log_entry.buf + hdr_size;
+ char* msg = reinterpret_cast<char*>(log_entry.buf) + hdr_size;
+
+ char timeBuf[32];
+ time_t sec = static_cast<time_t>(entry->sec);
+ struct tm tmBuf;
+ struct tm* ptm;
+ ptm = localtime_r(&sec, &tmBuf);
+ strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm);
+
+ if (log_entry.id() == LOG_ID_EVENTS) {
+ if (!g_eventTagMap) {
+ g_eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE);
+ }
+ AndroidLogEntry e;
+ char buf[512];
+ android_log_processBinaryLogBuffer(entry, &e, g_eventTagMap, buf, sizeof(buf));
+ _LOG(log, 0, "%s.%03d %5d %5d %c %-8s: %s\n",
+ timeBuf, entry->nsec / 1000000, entry->pid, entry->tid,
+ 'I', e.tag, e.message);
+ continue;
+ }
+
unsigned char prio = msg[0];
char* tag = msg + 1;
msg = tag + strlen(tag) + 1;
@@ -534,13 +558,6 @@
char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?');
- char timeBuf[32];
- time_t sec = static_cast<time_t>(entry->sec);
- struct tm tmBuf;
- struct tm* ptm;
- ptm = localtime_r(&sec, &tmBuf);
- strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm);
-
// Look for line breaks ('\n') and display each text line
// on a separate line, prefixed with the header, like logcat does.
do {
@@ -565,6 +582,7 @@
static void dump_logs(log_t* log, pid_t pid, unsigned tail) {
dump_log_file(log, pid, "system", tail);
dump_log_file(log, pid, "main", tail);
+ dump_log_file(log, pid, "events", tail);
}
static void dump_abort_message(Backtrace* backtrace, log_t* log, uintptr_t address) {
diff --git a/logcat/logcat.cpp b/logcat/logcat.cpp
index db4fddd..ed2c241 100644
--- a/logcat/logcat.cpp
+++ b/logcat/logcat.cpp
@@ -623,20 +623,21 @@
}
if (!devices) {
- devices = new log_device_t("main", false, 'm');
+ dev = devices = new log_device_t("main", false, 'm');
android::g_devCount = 1;
if (android_name_to_log_id("system") == LOG_ID_SYSTEM) {
- devices->next = new log_device_t("system", false, 's');
+ dev = dev->next = new log_device_t("system", false, 's');
android::g_devCount++;
}
if (android_name_to_log_id("crash") == LOG_ID_CRASH) {
- if (devices->next) {
- devices->next->next = new log_device_t("crash", false, 'c');
- } else {
- devices->next = new log_device_t("crash", false, 'c');
- }
+ dev = dev->next = new log_device_t("crash", false, 'c');
android::g_devCount++;
}
+ if (android_name_to_log_id("events") == LOG_ID_EVENTS) {
+ dev = dev->next = new log_device_t("events", true, 'e');
+ android::g_devCount++;
+ needBinary = true;
+ }
}
if (android::g_logRotateSizeKBytes != 0
diff --git a/logd/Android.mk b/logd/Android.mk
index 9f4c64f..188511f 100644
--- a/logd/Android.mk
+++ b/logd/Android.mk
@@ -17,7 +17,8 @@
LogStatistics.cpp \
LogWhiteBlackList.cpp \
libaudit.c \
- LogAudit.cpp
+ LogAudit.cpp \
+ event.logtags
LOCAL_SHARED_LIBRARIES := \
libsysutils \
@@ -25,7 +26,7 @@
libcutils \
libutils
-LOCAL_CFLAGS := -Werror
+LOCAL_CFLAGS := -Werror $(shell sed -n 's/^\([0-9]*\)[ \t]*auditd[ \t].*/-DAUDITD_LOG_TAG=\1/p' $(LOCAL_PATH)/event.logtags)
include $(BUILD_EXECUTABLE)
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index add0f0e..0651a92 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -54,9 +54,6 @@
return true;
}
-#define AUDIT_LOG_ID LOG_ID_MAIN
-#define AUDIT_LOG_PRIO ANDROID_LOG_WARN
-
int LogAudit::logPrint(const char *fmt, ...) {
if (fmt == NULL) {
return -EINVAL;
@@ -115,43 +112,30 @@
strcpy(pidptr, cp);
}
- static const char comm_str[] = " comm=\"";
- char *comm = strstr(str, comm_str);
- if (comm) {
- cp = comm;
- comm += sizeof(comm_str) - 1;
- char *ecomm = strchr(comm, '"');
- if (ecomm) {
- *ecomm = '\0';
- }
- comm = strdup(comm);
- if (ecomm) {
- strcpy(cp, ecomm + 1);
- }
- } else if (pid == getpid()) {
- pid = tid;
- comm = strdup("auditd");
- } else if (!(comm = logbuf->pidToName(pid))) {
- comm = strdup("unknown");
- }
-
- size_t l = strlen(comm) + 1;
- size_t n = l + strlen(str) + 2;
+ size_t n = strlen(str);
+ n += sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t);
char *newstr = reinterpret_cast<char *>(malloc(n));
if (!newstr) {
- free(comm);
free(str);
return -ENOMEM;
}
- *newstr = AUDIT_LOG_PRIO;
- strcpy(newstr + 1, comm);
- free(comm);
- strcpy(newstr + 1 + l, str);
+ char *msg = newstr;
+ *msg++ = AUDITD_LOG_TAG & 0xFF;
+ *msg++ = (AUDITD_LOG_TAG >> 8) & 0xFF;
+ *msg++ = (AUDITD_LOG_TAG >> 16) & 0xFF;
+ *msg++ = (AUDITD_LOG_TAG >> 24) & 0xFF;
+ *msg++ = EVENT_TYPE_STRING;
+ size_t l = n - sizeof(uint32_t) - sizeof(uint8_t) - sizeof(uint32_t);
+ *msg++ = l & 0xFF;
+ *msg++ = (l >> 8) & 0xFF;
+ *msg++ = (l >> 16) & 0xFF;
+ *msg++ = (l >> 24) & 0xFF;
+ memcpy(msg, str, l);
free(str);
- logbuf->log(AUDIT_LOG_ID, now, uid, pid, tid, newstr,
+ logbuf->log(LOG_ID_EVENTS, now, uid, pid, tid, newstr,
(n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
reader->notifyNewLog();
diff --git a/logd/event.logtags b/logd/event.logtags
new file mode 100644
index 0000000..a63f034
--- /dev/null
+++ b/logd/event.logtags
@@ -0,0 +1,36 @@
+# The entries in this file map a sparse set of log tag numbers to tag names.
+# This is installed on the device, in /system/etc, and parsed by logcat.
+#
+# Tag numbers are decimal integers, from 0 to 2^31. (Let's leave the
+# negative values alone for now.)
+#
+# Tag names are one or more ASCII letters and numbers or underscores, i.e.
+# "[A-Z][a-z][0-9]_". Do not include spaces or punctuation (the former
+# impacts log readability, the latter makes regex searches more annoying).
+#
+# Tag numbers and names are separated by whitespace. Blank lines and lines
+# starting with '#' are ignored.
+#
+# Optionally, after the tag names can be put a description for the value(s)
+# of the tag. Description are in the format
+# (<name>|data type[|data unit])
+# Multiple values are separated by commas.
+#
+# The data type is a number from the following values:
+# 1: int
+# 2: long
+# 3: string
+# 4: list
+#
+# The data unit is a number taken from the following list:
+# 1: Number of objects
+# 2: Number of bytes
+# 3: Number of milliseconds
+# 4: Number of allocations
+# 5: Id
+# 6: Percent
+# Default value for data of type int/long is 2 (bytes).
+#
+# TODO: generate ".java" and ".h" files with integer constants from this file.
+
+1003 auditd (avc|3)