Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / d7aea443d9bc0b1f37a2c31d0d476d61ff41fb66^! / . / init / init.cpp
commitd7aea443d9bc0b1f37a2c31d0d476d61ff41fb66[log] [tgz]
authorWilliam Roberts <william.c.roberts@intel.com>Thu Oct 01 16:03:47 2015 -0700
committerWilliam Roberts <william.c.roberts@intel.com>Mon Oct 05 11:39:56 2015 -0700
treecc671c413d24b1e4169cbafc942ac29743ffc696
parentbd4f52b2e2d1f03e77e2bef7b40865b631c8d115 [diff] [blame]
property_service: log pid,uid and gid of setprop client

When auditing setprop denials, it is often unclear of who the process is
in a multi-process domain. To help identify the invoker, log the pid, uid,
and gid of the caller.

Before:
avc:  denied  { set } for property=wifi.xxx ...

After:
avc:  denied  { set } for property=wifi.xxx pid=30691 uid=123 gid=345 ...

Change-Id: I5cdcb3d18fbd52e0987b5e1497b9f6620c6c742a
Signed-off-by: William Roberts <william.c.roberts@intel.com>

diff --git a/init/init.cpp b/init/init.cpp
index ee1351d..a898b03 100644
--- a/init/init.cpp
+++ b/init/init.cpp

@@ -467,7 +467,16 @@
 }
 
 static int audit_callback(void *data, security_class_t /*cls*/, char *buf, size_t len) {
-    snprintf(buf, len, "property=%s", !data ? "NULL" : (char *)data);
+
+    property_audit_data *d = reinterpret_cast<property_audit_data*>(data);
+
+    if (!d || !d->name || !d->cr) {
+        ERROR("audit_callback invoked with null data arguments!");
+        return 0;
+    }
+
+    snprintf(buf, len, "property=%s pid=%d uid=%d gid=%d", d->name,
+            d->cr->pid, d->cr->uid, d->cr->gid);
     return 0;
 }