logd: security buffer only AID_SYSTEM reader
- limit AID_SYSTEM uid or gid to read security buffer messages
- adjust liblog tests to reflect the reality of this adjustment
To fully test all security buffer paths and modes
$ su 0,0,0 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 1000,1000,1000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
$ su 2000,2000,2000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security*
ToDo: Integrate the above individually into the gTest Q/A testing
Bug: 26029733
Change-Id: Idcf5492db78fa6934ef6fb43f3ef861052675651
diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp
index 9e0d451..8c30f79 100644
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@@ -907,7 +907,8 @@
}
uint64_t LogBuffer::flushTo(
- SocketClient *reader, const uint64_t start, bool privileged,
+ SocketClient *reader, const uint64_t start,
+ bool privileged, bool security,
int (*filter)(const LogBufferElement *element, void *arg), void *arg) {
LogBufferElementCollection::iterator it;
uint64_t max = start;
@@ -938,6 +939,10 @@
continue;
}
+ if (!security && (element->getLogId() == LOG_ID_SECURITY)) {
+ continue;
+ }
+
if (element->getSequence() <= start) {
continue;
}