android_system_core/logd
Nick Kralevich c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
tests
Android.mk
CommandListener.cpp
CommandListener.h
FlushCommand.cpp
FlushCommand.h
LogAudit.cpp
LogAudit.h
LogBuffer.cpp
LogBuffer.h
LogBufferElement.cpp
LogBufferElement.h
LogCommand.cpp
LogCommand.h
LogKlog.cpp
LogKlog.h
LogListener.cpp
LogListener.h
LogReader.cpp
LogReader.h
LogStatistics.cpp
LogStatistics.h
LogTimes.cpp
LogTimes.h
LogUtils.h
LogWhiteBlackList.cpp
LogWhiteBlackList.h
README.auditd
README.property
event.logtags
libaudit.c
libaudit.h
logd.rc Enable hidepid=2 on /proc 2015-11-09 09:08:46 -08:00
main.cpp Enable hidepid=2 on /proc 2015-11-09 09:08:46 -08:00

README.property

The properties that logd responds to are:

name                       type   default description
logd.auditd                bool   true    Enable selinux audit daemon
logd.auditd.dmesg          bool   true    selinux audit messages duplicated and
                                          sent on to dmesg log
logd.klogd                 bool   depends Enable klogd daemon
logd.statistics            bool   depends Enable logcat -S statistics.
ro.config.low_ram          bool   false   if true, logd.statistics & logd.klogd
                                          default false
ro.build.type              string         if user, logd.statistics & logd.klogd
                                          default false
persist.logd.logpersistd   string         Enable logpersist daemon, "logcatd"
                                          turns on logcat -f in logd context
persist.logd.size          number 256K    Global default size of the buffer for
                                          all log ids at initial startup, at
                                          runtime use: logcat -b all -G <value>
persist.logd.size.main     number 256K    Size of the buffer for the main log
persist.logd.size.system   number 256K    Size of the buffer for the system log
persist.logd.size.radio    number 256K    Size of the buffer for the radio log
persist.logd.size.event    number 256K    Size of the buffer for the event log
persist.logd.size.crash    number 256K    Size of the buffer for the crash log
persist.logd.filter        string         Pruning filter to optimize content,
                                          default is ro.logd.filter or
                                          "~!" which means to prune the oldest
                                          entries of chattiest UID. At runtime
                                          use: logcat -P "<string>"
persist.logd.timestamp     string         The recording timestamp source. Default
                                          is ro.logd.timestamp. "m[onotonic]" is
                                          the only supported key character,
                                          otherwise assumes realtime.

NB:
- Numbers support multipliers (K or M) for convenience. The range is limited
  to between 64K and 256M for log buffer sizes. Individual log buffer ids
  such as main, system, ... override the global default.
- The pruning filter takes the form of a space-separated list of
  [~][UID][/PID] references, where a '~' prefix means to blacklist, otherwise
  whitelist. For blacklisting, UID may be a '!' to instead reference the
  chattiest client.
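
The pruning filter grammar from the NB above, as an added C++ example that is not logd's own code: a strict parser that turns a filter string into rules, so a persist.logd.filter value can be reviewed before it is set. The `PruneRule` struct, the function names, the 32-bit limit on UID/PID values and the reject-on-error policy are assumptions of this example; the filter string in `main` is constructed sample input.

```cpp
#include <cctype>
#include <sstream>
#include <string>
#include <vector>

// One [~][UID][/PID] reference from a pruning filter (format per README.property).
struct PruneRule {
    bool blacklist = false;  // '~' prefix present
    bool chattiest = false;  // UID written as '!'
    long long uid = -1;      // -1: no UID given
    long long pid = -1;      // -1: no PID given
};

// Reads decimal digits at s[i..]; false if none or the value exceeds 32 bits.
static bool readNum(const std::string& s, size_t& i, long long& out) {
    size_t start = i;
    for (out = 0; i < s.size() && isdigit((unsigned char)s[i]); ++i) {
        out = out * 10 + (s[i] - '0');
        if (out > 0xFFFFFFFFLL) return false;
    }
    return i > start;
}

// Strict parse: any malformed token rejects the whole filter (an assumption of
// this example; the page does not describe logd's own error handling).
bool parsePruneFilter(const std::string& text, std::vector<PruneRule>& rules) {
    rules.clear();
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        PruneRule r;
        size_t i = 0;
        if (tok[i] == '~') { r.blacklist = true; ++i; }
        if (i < tok.size() && tok[i] == '!') {
            if (!r.blacklist) return false;  // '!' is only defined for blacklisting
            r.chattiest = true; ++i;
        } else if (i < tok.size() && tok[i] != '/') {
            if (!readNum(tok, i, r.uid)) return false;
        }
        if (i < tok.size() && tok[i] == '/' && !readNum(tok, ++i, r.pid)) return false;
        if (i != tok.size() || (!r.chattiest && r.uid < 0 && r.pid < 0)) return false;
        rules.push_back(r);
    }
    return true;
}

int main() {
    std::vector<PruneRule> rules;  // filter string below is constructed sample input
    return parsePruneFilter("~! 1000/42 ~/1234", rules) && rules.size() == 3 ? 0 : 1;
}
```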