Processing overhead for selinux violation messages is costly. We want
to deal with bursts of violations, but we have no intent of allowing
that sustained burst to go unabated as there is a cost of processing
and battery usage.
Tunables in libaudit.h are:
AUDIT_RATE_LIMIT_DEFAULT 20 /* acceptable burst rate */
AUDIT_RATE_LIMIT_BURST_DURATION 10 /* number of seconds of burst */
AUDIT_RATE_LIMIT_MAX 5 /* acceptable sustained rate */
Since we can only asymptotically handle DEFAULT rate, we set an upper
threshold of half way between the MAX and DEFAULT rate.
Default kernel audit subsystem message rate is set to 20 a second.
If sepolicy exceeds 125 violation messages over up to ten seconds
(>=~12/s), tell kernel audit subsystem to drop the rate to 5 messages
a second. If rate drops below 50 messages over the past ten seconds
(<5/s), tell kernel it is ok to increase the burst rate back to 20
messages a second.
Test: gTest logd-unit-tests --gtest_filter=logd.sepolicy_rate_limiter_*
Bug: 27878170
Change-Id: I843f8dcfbb3ecfbbe94a4865ea332c858e3be7f2
- Correct default tense for kernel or user logger
- harden code that parses the benchmark data
- give more meaning to the spam filter test
Change-Id: I97699037ca9d56718f53f08d22be79092fb431de
* Test statistics output, all four main log id types
are checked to be present, and output is properly
formatted with header (ascii new-line terminated
byte count) and trailer (newline formfeed) frames.
* On dev build test dgram_qlen, circumvent if
liblog benchmarks executed first though.
* Test if kernel and user space loggers are
present, and if any content has leaked to both.
* test benchmark and use it to verify worst UID pruning
Change-Id: I890c89f64825956f40108de806ed750b0170ac6c
Mark Salyzyn
Elliott Hughes