Merge "add a new trigger for launching the bpfloader"
diff --git a/adb/client/bugreport.cpp b/adb/client/bugreport.cpp
index e162aaa..f2e722a 100644
--- a/adb/client/bugreport.cpp
+++ b/adb/client/bugreport.cpp
@@ -104,7 +104,9 @@
SetLineMessage("pulling");
status_ =
br_->DoSyncPull(srcs, destination.c_str(), false, line_message_.c_str()) ? 0 : 1;
- if (status_ != 0) {
+ if (status_ == 0) {
+ printf("Bug report copied to %s\n", destination.c_str());
+ } else {
fprintf(stderr,
"Bug report finished but could not be copied to '%s'.\n"
"Try to run 'adb pull %s <directory>'\n"
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 0e9713d..86cf30d 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -992,10 +992,69 @@
fb->GetVar("partition-type:vbmeta_b", &partition_type) == fastboot::SUCCESS;
}
+static std::string fb_fix_numeric_var(std::string var) {
+ // Some bootloaders (angler, for example), send spurious leading whitespace.
+ var = android::base::Trim(var);
+ // Some bootloaders (hammerhead, for example) use implicit hex.
+ // This code used to use strtol with base 16.
+ if (!android::base::StartsWith(var, "0x")) var = "0x" + var;
+ return var;
+}
+
+static void copy_boot_avb_footer(const std::string& partition, struct fastboot_buffer* buf) {
+ if (buf->sz < AVB_FOOTER_SIZE) {
+ return;
+ }
+
+ std::string partition_size_str;
+ if (fb->GetVar("partition-size:" + partition, &partition_size_str) != fastboot::SUCCESS) {
+ die("cannot get boot partition size");
+ }
+
+ partition_size_str = fb_fix_numeric_var(partition_size_str);
+ int64_t partition_size;
+ if (!android::base::ParseInt(partition_size_str, &partition_size)) {
+ die("Couldn't parse partition size '%s'.", partition_size_str.c_str());
+ }
+ if (partition_size == buf->sz) {
+ return;
+ }
+ if (partition_size < buf->sz) {
+ die("boot partition is smaller than boot image");
+ }
+
+ std::string data;
+ if (!android::base::ReadFdToString(buf->fd, &data)) {
+ die("Failed reading from boot");
+ }
+
+ uint64_t footer_offset = buf->sz - AVB_FOOTER_SIZE;
+ if (0 != data.compare(footer_offset, AVB_FOOTER_MAGIC_LEN, AVB_FOOTER_MAGIC)) {
+ return;
+ }
+
+ int fd = make_temporary_fd("boot rewriting");
+ if (!android::base::WriteStringToFd(data, fd)) {
+ die("Failed writing to modified boot");
+ }
+ lseek(fd, partition_size - AVB_FOOTER_SIZE, SEEK_SET);
+ if (!android::base::WriteStringToFd(data.substr(footer_offset), fd)) {
+ die("Failed copying AVB footer in boot");
+ }
+ close(buf->fd);
+ buf->fd = fd;
+ buf->sz = partition_size;
+ lseek(fd, 0, SEEK_SET);
+}
+
static void flash_buf(const std::string& partition, struct fastboot_buffer *buf)
{
sparse_file** s;
+ if (partition == "boot" || partition == "boot_a" || partition == "boot_b") {
+ copy_boot_avb_footer(partition, buf);
+ }
+
// Rewrite vbmeta if that's what we're flashing and modification has been requested.
if (g_disable_verity || g_disable_verification) {
if (partition == "vbmeta" || partition == "vbmeta_a" || partition == "vbmeta_b") {
@@ -1491,15 +1550,6 @@
fb->RawCommand(command, "");
}
-static std::string fb_fix_numeric_var(std::string var) {
- // Some bootloaders (angler, for example), send spurious leading whitespace.
- var = android::base::Trim(var);
- // Some bootloaders (hammerhead, for example) use implicit hex.
- // This code used to use strtol with base 16.
- if (!android::base::StartsWith(var, "0x")) var = "0x" + var;
- return var;
-}
-
static unsigned fb_get_flash_block_size(std::string name) {
std::string sizeString;
if (fb->GetVar(name, &sizeString) != fastboot::SUCCESS || sizeString.empty()) {
diff --git a/libbacktrace/Android.bp b/libbacktrace/Android.bp
index f75e8df..c7969f2 100644
--- a/libbacktrace/Android.bp
+++ b/libbacktrace/Android.bp
@@ -96,6 +96,8 @@
cc_library {
name: "libbacktrace",
vendor_available: false,
+ // TODO(b/153609531): remove when no longer needed.
+ native_bridge_supported: true,
recovery_available: true,
apex_available: [
"//apex_available:platform",
@@ -120,6 +122,9 @@
recovery: {
cflags: ["-DNO_LIBDEXFILE_SUPPORT"],
},
+ native_bridge: {
+ cflags: ["-DNO_LIBDEXFILE_SUPPORT"],
+ },
},
}
diff --git a/liblog/logprint.cpp b/liblog/logprint.cpp
index 238431f..a5c5edd 100644
--- a/liblog/logprint.cpp
+++ b/liblog/logprint.cpp
@@ -78,18 +78,21 @@
static bool descriptive_output = false;
/*
- * gnome-terminal color tags
- * See http://misc.flogisoft.com/bash/tip_colors_and_formatting
- * for ideas on how to set the forground color of the text for xterm.
- * The color manipulation character stream is defined as:
- * ESC [ 3 8 ; 5 ; <color#> m
+ * 8-bit color tags. See ECMA-48 Set Graphics Rendition in
+ * [console_codes(4)](https://man7.org/linux/man-pages/man4/console_codes.4.html).
+ *
+ * The text manipulation character stream is defined as:
+ * ESC [ <parameter #> m
+ *
+ * We use "set <color> foreground" escape sequences instead of
+ * "256/24-bit foreground color". This allows colors to render
+ * according to user preferences in terminal emulator settings
*/
-#define ANDROID_COLOR_BLUE 75
-#define ANDROID_COLOR_DEFAULT 231
-#define ANDROID_COLOR_GREEN 40
-#define ANDROID_COLOR_ORANGE 166
-#define ANDROID_COLOR_RED 196
-#define ANDROID_COLOR_YELLOW 226
+#define ANDROID_COLOR_BLUE 34
+#define ANDROID_COLOR_DEFAULT 39
+#define ANDROID_COLOR_GREEN 32
+#define ANDROID_COLOR_RED 31
+#define ANDROID_COLOR_YELLOW 33
static FilterInfo* filterinfo_new(const char* tag, android_LogPriority pri) {
FilterInfo* p_ret;
@@ -165,7 +168,7 @@
case ANDROID_LOG_VERBOSE: return ANDROID_COLOR_DEFAULT;
case ANDROID_LOG_DEBUG: return ANDROID_COLOR_BLUE;
case ANDROID_LOG_INFO: return ANDROID_COLOR_GREEN;
- case ANDROID_LOG_WARN: return ANDROID_COLOR_ORANGE;
+ case ANDROID_LOG_WARN: return ANDROID_COLOR_YELLOW;
case ANDROID_LOG_ERROR: return ANDROID_COLOR_RED;
case ANDROID_LOG_FATAL: return ANDROID_COLOR_RED;
case ANDROID_LOG_SILENT: return ANDROID_COLOR_DEFAULT;
@@ -1499,7 +1502,7 @@
*/
if (p_format->colored_output) {
prefixLen =
- snprintf(prefixBuf, sizeof(prefixBuf), "\x1B[38;5;%dm", colorFromPri(entry->priority));
+ snprintf(prefixBuf, sizeof(prefixBuf), "\x1B[%dm", colorFromPri(entry->priority));
prefixLen = MIN(prefixLen, sizeof(prefixBuf));
const char suffixContents[] = "\x1B[0m";
diff --git a/libprocinfo/Android.bp b/libprocinfo/Android.bp
index 15b0d89..ae45742 100644
--- a/libprocinfo/Android.bp
+++ b/libprocinfo/Android.bp
@@ -27,6 +27,8 @@
name: "libprocinfo",
defaults: ["libprocinfo_defaults"],
vendor_available: true,
+ // TODO(b/153609531): remove when no longer needed.
+ native_bridge_supported: true,
recovery_available: true,
vndk: {
enabled: true,
diff --git a/libunwindstack/Android.bp b/libunwindstack/Android.bp
index 3c44534..19c22c8 100644
--- a/libunwindstack/Android.bp
+++ b/libunwindstack/Android.bp
@@ -124,6 +124,8 @@
name: "libunwindstack",
vendor_available: true,
recovery_available: true,
+ // TODO(b/153609531): remove when no longer needed.
+ native_bridge_supported: true,
vndk: {
enabled: true,
support_system_process: true,
@@ -145,6 +147,11 @@
exclude_srcs: ["DexFile.cpp"],
exclude_shared_libs: ["libdexfile_support"],
},
+ native_bridge: {
+ cflags: ["-UDEXFILE_SUPPORT"],
+ exclude_srcs: ["DexFile.cpp"],
+ exclude_shared_libs: ["libdexfile_support"],
+ },
},
apex_available: [
diff --git a/libutils/Android.bp b/libutils/Android.bp
index ea39d34..7392806 100644
--- a/libutils/Android.bp
+++ b/libutils/Android.bp
@@ -169,6 +169,8 @@
cc_library {
name: "libutilscallstack",
defaults: ["libutils_defaults"],
+ // TODO(b/153609531): remove when no longer needed.
+ native_bridge_supported: true,
srcs: [
"CallStack.cpp",
diff --git a/logcat/logcat.cpp b/logcat/logcat.cpp
index cf98dad..d15fa2b 100644
--- a/logcat/logcat.cpp
+++ b/logcat/logcat.cpp
@@ -402,8 +402,8 @@
" time — Display the date, invocation time, priority/tag, and PID of the\n"
" process issuing the message.\n"
"\nAdverb modifiers can be used in combination:\n"
- " color — Display in highlighted color to match priority. i.e. \x1B[38;5;231mVERBOSE\n"
- " \x1B[38;5;75mDEBUG \x1B[38;5;40mINFO \x1B[38;5;166mWARNING \x1B[38;5;196mERROR FATAL\x1B[0m\n"
+ " color — Display in highlighted color to match priority. i.e. \x1B[39mVERBOSE\n"
+ " \x1B[34mDEBUG \x1B[32mINFO \x1B[33mWARNING \x1B[31mERROR FATAL\x1B[0m\n"
" descriptive — events logs only, descriptions from event-log-tags database.\n"
" epoch — Display time as seconds since Jan 1 1970.\n"
" monotonic — Display time as cpu seconds since last boot.\n"
diff --git a/logd/LogTags.cpp b/logd/LogTags.cpp
index 8e18f9d..1b7107f 100644
--- a/logd/LogTags.cpp
+++ b/logd/LogTags.cpp
@@ -276,7 +276,9 @@
cp++;
}
} else if (warn) {
+#ifdef __ANDROID__
LOG(ERROR) << "Cannot read " << filename;
+#endif
}
}
diff --git a/logd/SerializedLogBuffer.cpp b/logd/SerializedLogBuffer.cpp
index 70b800f..ea9feec 100644
--- a/logd/SerializedLogBuffer.cpp
+++ b/logd/SerializedLogBuffer.cpp
@@ -16,8 +16,9 @@
#include "SerializedLogBuffer.h"
+#include <sys/prctl.h>
+
#include <limits>
-#include <thread>
#include <android-base/logging.h>
#include <android-base/scopeguard.h>
@@ -31,7 +32,11 @@
Init();
}
-SerializedLogBuffer::~SerializedLogBuffer() {}
+SerializedLogBuffer::~SerializedLogBuffer() {
+ if (deleter_thread_.joinable()) {
+ deleter_thread_.join();
+ }
+}
void SerializedLogBuffer::Init() {
log_id_for_each(i) {
@@ -119,15 +124,44 @@
}
}
+void SerializedLogBuffer::StartDeleterThread() {
+ if (deleter_thread_running_) {
+ return;
+ }
+ if (deleter_thread_.joinable()) {
+ deleter_thread_.join();
+ }
+ auto new_thread = std::thread([this] { DeleterThread(); });
+ deleter_thread_.swap(new_thread);
+ deleter_thread_running_ = true;
+}
+
// Decompresses the chunks, call LogStatistics::Subtract() on each entry, then delete the chunks and
// the list. Note that the SerializedLogChunk objects have been removed from logs_ and their
// references have been deleted from any SerializedFlushToState objects, so this can be safely done
-// without holding lock_. It is done in a separate thread to avoid delaying the writer thread. The
-// lambda for the thread takes ownership of the 'chunks' list and thus when the thread ends and the
-// lambda is deleted, the objects are deleted.
-void SerializedLogBuffer::DeleteLogChunks(std::list<SerializedLogChunk>&& chunks, log_id_t log_id) {
- auto delete_thread = std::thread{[chunks = std::move(chunks), log_id, this]() mutable {
- for (auto& chunk : chunks) {
+// without holding lock_. It is done in a separate thread to avoid delaying the writer thread.
+void SerializedLogBuffer::DeleterThread() {
+ prctl(PR_SET_NAME, "logd.deleter");
+ while (true) {
+ std::list<SerializedLogChunk> local_chunks_to_delete;
+ log_id_t log_id;
+ {
+ auto lock = std::lock_guard{lock_};
+ log_id_for_each(i) {
+ if (!chunks_to_delete_[i].empty()) {
+ local_chunks_to_delete = std::move(chunks_to_delete_[i]);
+ chunks_to_delete_[i].clear();
+ log_id = i;
+ break;
+ }
+ }
+ if (local_chunks_to_delete.empty()) {
+ deleter_thread_running_ = false;
+ return;
+ }
+ }
+
+ for (auto& chunk : local_chunks_to_delete) {
chunk.IncReaderRefCount();
int read_offset = 0;
while (read_offset < chunk.write_offset()) {
@@ -137,8 +171,7 @@
}
chunk.DecReaderRefCount(false);
}
- }};
- delete_thread.detach();
+ }
}
void SerializedLogBuffer::NotifyReadersOfPrune(
@@ -164,13 +197,9 @@
}
}
+ StartDeleterThread();
+
auto& log_buffer = logs_[log_id];
-
- std::list<SerializedLogChunk> chunks_to_prune;
- auto prune_chunks = android::base::make_scope_guard([&chunks_to_prune, log_id, this] {
- DeleteLogChunks(std::move(chunks_to_prune), log_id);
- });
-
auto it = log_buffer.begin();
while (it != log_buffer.end()) {
if (oldest != nullptr && it->highest_sequence_number() >= oldest->start()) {
@@ -193,7 +222,8 @@
}
} else {
size_t buffer_size = it_to_prune->PruneSize();
- chunks_to_prune.splice(chunks_to_prune.end(), log_buffer, it_to_prune);
+ chunks_to_delete_[log_id].splice(chunks_to_delete_[log_id].end(), log_buffer,
+ it_to_prune);
if (buffer_size >= bytes_to_free) {
return true;
}
diff --git a/logd/SerializedLogBuffer.h b/logd/SerializedLogBuffer.h
index 346f51f..421d419 100644
--- a/logd/SerializedLogBuffer.h
+++ b/logd/SerializedLogBuffer.h
@@ -21,6 +21,7 @@
#include <list>
#include <mutex>
#include <queue>
+#include <thread>
#include <vector>
#include <android-base/thread_annotations.h>
@@ -60,7 +61,9 @@
REQUIRES_SHARED(lock_);
void NotifyReadersOfPrune(log_id_t log_id, const std::list<SerializedLogChunk>::iterator& chunk)
REQUIRES(reader_list_->reader_threads_lock());
- void DeleteLogChunks(std::list<SerializedLogChunk>&& chunks, log_id_t log_id);
+
+ void StartDeleterThread() REQUIRES(lock_);
+ void DeleterThread();
LogReaderList* reader_list_;
LogTags* tags_;
@@ -70,5 +73,9 @@
std::list<SerializedLogChunk> logs_[LOG_ID_MAX] GUARDED_BY(lock_);
RwLock lock_;
+ std::list<SerializedLogChunk> chunks_to_delete_[LOG_ID_MAX] GUARDED_BY(lock_);
+ std::thread deleter_thread_ GUARDED_BY(lock_);
+ bool deleter_thread_running_ GUARDED_BY(lock_) = false;
+
std::atomic<uint64_t> sequence_ = 1;
};
diff --git a/logd/fuzz/Android.bp b/logd/fuzz/Android.bp
index 9834ff0..587eedc 100644
--- a/logd/fuzz/Android.bp
+++ b/logd/fuzz/Android.bp
@@ -13,11 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-cc_fuzz {
- name: "log_buffer_log_fuzzer",
- srcs: [
- "log_buffer_log_fuzzer.cpp",
- ],
+
+cc_defaults {
+ name: "log_fuzzer_defaults",
static_libs: [
"libbase",
"libcutils",
@@ -25,9 +23,25 @@
"liblog",
"liblogd",
"libcutils",
- "libsysutils",
"libz",
"libzstd",
],
- cflags: ["-Werror"],
+ cflags: ["-Wextra"],
+ host_supported: true,
+}
+
+cc_fuzz {
+ name: "log_buffer_log_fuzzer",
+ defaults: ["log_fuzzer_defaults"],
+ srcs: [
+ "log_buffer_log_fuzzer.cpp",
+ ],
+}
+
+cc_fuzz {
+ name: "serialized_log_buffer_fuzzer",
+ defaults: ["log_fuzzer_defaults"],
+ srcs: [
+ "serialized_log_buffer_fuzzer.cpp",
+ ],
}
diff --git a/logd/fuzz/log_buffer_log_fuzzer.cpp b/logd/fuzz/log_buffer_log_fuzzer.cpp
index a7a1792..1dc996c 100644
--- a/logd/fuzz/log_buffer_log_fuzzer.cpp
+++ b/logd/fuzz/log_buffer_log_fuzzer.cpp
@@ -15,10 +15,13 @@
*/
#include <string>
+#include <android-base/logging.h>
+
#include "../ChattyLogBuffer.h"
#include "../LogReaderList.h"
#include "../LogReaderThread.h"
#include "../LogStatistics.h"
+#include "../SerializedLogBuffer.h"
// We don't want to waste a lot of entropy on messages
#define MAX_MSG_LENGTH 5
@@ -27,7 +30,20 @@
#define MIN_TAG_ID 1000
#define TAG_MOD 10
-namespace android {
+#ifndef __ANDROID__
+unsigned long __android_logger_get_buffer_size(log_id_t) {
+ return 1024 * 1024;
+}
+
+bool __android_logger_valid_buffer_size(unsigned long) {
+ return true;
+}
+#endif
+
+char* android::uidToName(uid_t) {
+ return strdup("fake");
+}
+
struct LogInput {
public:
log_id_t log_id;
@@ -79,9 +95,13 @@
return 1;
}
-char* uidToName(uid_t) {
- return strdup("fake");
-}
+class NoopWriter : public LogWriter {
+ public:
+ NoopWriter() : LogWriter(0, true) {}
+ bool Write(const logger_entry&, const char*) override { return true; }
+
+ std::string name() const override { return "noop_writer"; }
+};
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
// We want a random tag length and a random remaining message length
@@ -89,11 +109,18 @@
return 0;
}
+ android::base::SetMinimumLogSeverity(android::base::ERROR);
+
LogReaderList reader_list;
LogTags tags;
PruneList prune_list;
LogStatistics stats(true);
- LogBuffer* log_buffer = new ChattyLogBuffer(&reader_list, &tags, &prune_list, &stats);
+ std::unique_ptr<LogBuffer> log_buffer;
+#ifdef FUZZ_SERIALIZED
+ log_buffer.reset(new SerializedLogBuffer(&reader_list, &tags, &stats));
+#else
+ log_buffer.reset(new ChattyLogBuffer(&reader_list, &tags, &prune_list, &stats));
+#endif
size_t data_left = size;
const uint8_t** pdata = &data;
@@ -102,12 +129,30 @@
log_id_for_each(i) { log_buffer->SetSize(i, 10000); }
while (data_left >= sizeof(LogInput) + 2 * sizeof(uint8_t)) {
- if (!write_log_messages(pdata, &data_left, log_buffer, &stats)) {
+ if (!write_log_messages(pdata, &data_left, log_buffer.get(), &stats)) {
return 0;
}
}
+ // Read out all of the logs.
+ {
+ auto lock = std::unique_lock{reader_list.reader_threads_lock()};
+ std::unique_ptr<LogWriter> test_writer(new NoopWriter());
+ std::unique_ptr<LogReaderThread> log_reader(
+ new LogReaderThread(log_buffer.get(), &reader_list, std::move(test_writer), true, 0,
+ kLogMaskAll, 0, {}, 1, {}));
+ reader_list.reader_threads().emplace_back(std::move(log_reader));
+ }
+
+ // Wait until the reader has finished.
+ while (true) {
+ usleep(50);
+ auto lock = std::unique_lock{reader_list.reader_threads_lock()};
+ if (reader_list.reader_threads().size() == 0) {
+ break;
+ }
+ }
+
log_id_for_each(i) { log_buffer->Clear(i, 0); }
return 0;
}
-} // namespace android
diff --git a/logd/fuzz/serialized_log_buffer_fuzzer.cpp b/logd/fuzz/serialized_log_buffer_fuzzer.cpp
new file mode 100644
index 0000000..d4795b0
--- /dev/null
+++ b/logd/fuzz/serialized_log_buffer_fuzzer.cpp
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define FUZZ_SERIALIZED
+
+#include "log_buffer_log_fuzzer.cpp"
diff --git a/logd/main.cpp b/logd/main.cpp
index 46b6567..e1ec52b 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -69,49 +69,42 @@
// has a 'sigstop' feature that sends SIGSTOP to a service immediately before calling exec(). This
// allows debuggers, etc to be attached to logd at the very beginning, while still having init
// handle the user, groups, capabilities, files, etc setup.
-static int drop_privs(bool klogd, bool auditd) {
- sched_param param = {};
-
+static void DropPrivs(bool klogd, bool auditd) {
if (set_sched_policy(0, SP_BACKGROUND) < 0) {
- PLOG(ERROR) << "failed to set background scheduling policy";
- return -1;
+ PLOG(FATAL) << "failed to set background scheduling policy";
}
+ sched_param param = {};
if (sched_setscheduler((pid_t)0, SCHED_BATCH, ¶m) < 0) {
- PLOG(ERROR) << "failed to set batch scheduler";
- return -1;
+ PLOG(FATAL) << "failed to set batch scheduler";
}
if (!__android_logger_property_get_bool("ro.debuggable", BOOL_DEFAULT_FALSE) &&
prctl(PR_SET_DUMPABLE, 0) == -1) {
- PLOG(ERROR) << "failed to clear PR_SET_DUMPABLE";
- return -1;
+ PLOG(FATAL) << "failed to clear PR_SET_DUMPABLE";
}
std::unique_ptr<struct _cap_struct, int (*)(void*)> caps(cap_init(), cap_free);
if (cap_clear(caps.get()) < 0) {
- return -1;
+ PLOG(FATAL) << "cap_clear() failed";
}
- std::vector<cap_value_t> cap_value;
if (klogd) {
- cap_value.emplace_back(CAP_SYSLOG);
+ cap_value_t cap_syslog = CAP_SYSLOG;
+ if (cap_set_flag(caps.get(), CAP_PERMITTED, 1, &cap_syslog, CAP_SET) < 0 ||
+ cap_set_flag(caps.get(), CAP_EFFECTIVE, 1, &cap_syslog, CAP_SET) < 0) {
+ PLOG(FATAL) << "Failed to set CAP_SYSLOG";
+ }
}
if (auditd) {
- cap_value.emplace_back(CAP_AUDIT_CONTROL);
- }
-
- if (cap_set_flag(caps.get(), CAP_PERMITTED, cap_value.size(), cap_value.data(), CAP_SET) < 0) {
- return -1;
- }
- if (cap_set_flag(caps.get(), CAP_EFFECTIVE, cap_value.size(), cap_value.data(), CAP_SET) < 0) {
- return -1;
+ cap_value_t cap_audit_control = CAP_AUDIT_CONTROL;
+ if (cap_set_flag(caps.get(), CAP_PERMITTED, 1, &cap_audit_control, CAP_SET) < 0 ||
+ cap_set_flag(caps.get(), CAP_EFFECTIVE, 1, &cap_audit_control, CAP_SET) < 0) {
+ PLOG(FATAL) << "Failed to set CAP_AUDIT_CONTROL";
+ }
}
if (cap_set_proc(caps.get()) < 0) {
- PLOG(ERROR) << "failed to set CAP_SYSLOG or CAP_AUDIT_CONTROL";
- return -1;
+ PLOG(FATAL) << "cap_set_proc() failed";
}
-
- return 0;
}
char* android::uidToName(uid_t u) {
@@ -254,9 +247,7 @@
}
bool auditd = __android_logger_property_get_bool("ro.logd.auditd", BOOL_DEFAULT_TRUE);
- if (drop_privs(klogd, auditd) != 0) {
- return EXIT_FAILURE;
- }
+ DropPrivs(klogd, auditd);
// A cache of event log tags
LogTags log_tags;