Wenhao Wang 256519a529 Add logcat service to track logd access
The LogcatManagerService monitors all privileged (in AID_LOG group)
access to logd. Only Root and System Server can read the logd data
without tracking. Whenever the logd recieve privileged read data request,
the request is forwarded to the LogcatManagerService.

The LogcatManagerService can approve or decline the request via
binder RPC on logd service. The binder call is enforced by sepolicy.
That means only LogcatManagerService can use the logd binder service.
And only logd can use the logcat binder service.

The next step will add user consent requirement for the logd access.

Bug: 197901557
Test: Reboot the device, then run "adb logcat" multiple times
both during the booting and after the booting. The control flow goes
correctly as we expected.
Ignore-AOSP-First: pending fix for logcat privacy issue

Change-Id: I5e225b65357e7bfacd5c6c9cb4fab5f309803193
2022-01-19 16:49:49 -08:00

58 lines
1.6 KiB
Plaintext

// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Provides C++ wrappers for system services.
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "frameworks_base_license"
// to get the below license kinds:
// SPDX-license-identifier-Apache-2.0
default_applicable_licenses: ["frameworks_base_license"],
}
cc_library_shared {
name: "libservices",
srcs: [
":IDropBoxManagerService.aidl",
":ILogcatManagerService_aidl",
"src/content/ComponentName.cpp",
"src/os/DropBoxManager.cpp",
],
shared_libs: [
"libbinder",
"libcutils",
"liblog",
"libutils",
],
header_libs: [
"libbase_headers",
],
aidl: {
include_dirs: ["frameworks/base/core/java/"],
},
export_include_dirs: ["include"],
export_header_lib_headers: ["libbase_headers"],
cflags: [
"-Wall",
"-Werror",
"-Wunused",
"-Wunreachable-code",
],
}