commit 989980c55d9a11766b8698a97ce5eef3d8cfa286
author Mark Salyzyn <salyzyn@google.com> Wed May 14 12:37:22 2014 -0700
committer Mark Salyzyn <salyzyn@google.com> Thu May 15 08:50:50 2014 -0700
tree 59a9ae76f160a724e9ca64c15cf768e736da6edf
parent 75a8eeb1ecf9f748b1d53e5ff3a5e138a0cdbebd

logd: logcat: debuggerd: auditd logs to events

- auditd switch to recording logs to events log id
- logcat add events as one of the default logs
- debuggerd collect events log as well.

ToDo: debuggerd & bugreport collect intermixed logs.

BUG: 14626551
Change-Id: I958f0e729b7596748be57488a38824db5645be7b

logd/LogAudit.cpp

diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index add0f0e..0651a92 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -54,9 +54,6 @@
     return true;
 }
 
-#define AUDIT_LOG_ID   LOG_ID_MAIN
-#define AUDIT_LOG_PRIO ANDROID_LOG_WARN
-
 int LogAudit::logPrint(const char *fmt, ...) {
     if (fmt == NULL) {
         return -EINVAL;
@@ -115,43 +112,30 @@
         strcpy(pidptr, cp);
     }
 
-    static const char comm_str[] = " comm=\"";
-    char *comm = strstr(str, comm_str);
-    if (comm) {
-        cp = comm;
-        comm += sizeof(comm_str) - 1;
-        char *ecomm = strchr(comm, '"');
-        if (ecomm) {
-            *ecomm = '\0';
-        }
-        comm = strdup(comm);
-        if (ecomm) {
-            strcpy(cp, ecomm + 1);
-        }
-    } else if (pid == getpid()) {
-        pid = tid;
-        comm = strdup("auditd");
-    } else if (!(comm = logbuf->pidToName(pid))) {
-        comm = strdup("unknown");
-    }
-
-    size_t l = strlen(comm) + 1;
-    size_t n = l + strlen(str) + 2;
+    size_t n = strlen(str);
+    n += sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t);
 
     char *newstr = reinterpret_cast<char *>(malloc(n));
     if (!newstr) {
-        free(comm);
         free(str);
         return -ENOMEM;
     }
 
-    *newstr = AUDIT_LOG_PRIO;
-    strcpy(newstr + 1, comm);
-    free(comm);
-    strcpy(newstr + 1 + l, str);
+    char *msg = newstr;
+    *msg++ = AUDITD_LOG_TAG & 0xFF;
+    *msg++ = (AUDITD_LOG_TAG >> 8) & 0xFF;
+    *msg++ = (AUDITD_LOG_TAG >> 16) & 0xFF;
+    *msg++ = (AUDITD_LOG_TAG >> 24) & 0xFF;
+    *msg++ = EVENT_TYPE_STRING;
+    size_t l = n - sizeof(uint32_t) - sizeof(uint8_t) - sizeof(uint32_t);
+    *msg++ = l & 0xFF;
+    *msg++ = (l >> 8) & 0xFF;
+    *msg++ = (l >> 16) & 0xFF;
+    *msg++ = (l >> 24) & 0xFF;
+    memcpy(msg, str, l);
     free(str);
 
-    logbuf->log(AUDIT_LOG_ID, now, uid, pid, tid, newstr,
+    logbuf->log(LOG_ID_EVENTS, now, uid, pid, tid, newstr,
                 (n <= USHRT_MAX) ? (unsigned short) n : USHRT_MAX);
     reader->notifyNewLog();