logd: security buffer only AID_SYSTEM reader - limit AID_SYSTEM uid or gid to read security buffer messages - adjust liblog tests to reflect the reality of this adjustment To fully test all security buffer paths and modes $ su 0,0,0 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security* $ su 1000,1000,1000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security* $ su 2000,2000,2000 /data/nativetest/liblog-unit-tests/liblog-unit-tests --gtest_filter=liblog.__security* ToDo: Integrate the above individually into the gTest Q/A testing Bug: 26029733 Change-Id: Idcf5492db78fa6934ef6fb43f3ef861052675651

commit: 8fa8896d2ed97eb274c62f0e386dabf2e2a82a45 [log] [tgz]
author: Mark Salyzyn <salyzyn@google.com> Tue Jan 26 14:32:35 2016 -0800
committer: Mark Salyzyn <salyzyn@google.com> Mon Feb 01 13:29:06 2016 -0800
tree: de55ad6d14d070c71eec43d64ee7f5ce36c0257e
parent: c2c0df900ded71aa3f7c9aee05614c7c050eef06 [diff] [blame]
diff --git a/logd/FlushCommand.cpp b/logd/FlushCommand.cpp
index 48036d3..fd45c4a0 100644
--- a/logd/FlushCommand.cpp
+++ b/logd/FlushCommand.cpp

@@ -93,3 +93,11 @@
 bool FlushCommand::hasReadLogs(SocketClient *client) {
     return clientHasLogCredentials(client);
 }
+
+static bool clientHasSecurityCredentials(SocketClient *client) {
+    return (client->getUid() == AID_SYSTEM) || (client->getGid() == AID_SYSTEM);
+}
+
+bool FlushCommand::hasSecurityLogs(SocketClient *client) {
+    return clientHasSecurityCredentials(client);
+}
commit	8fa8896d2ed97eb274c62f0e386dabf2e2a82a45	[log] [tgz]
author	Mark Salyzyn <salyzyn@google.com>	Tue Jan 26 14:32:35 2016 -0800
committer	Mark Salyzyn <salyzyn@google.com>	Mon Feb 01 13:29:06 2016 -0800
tree	de55ad6d14d070c71eec43d64ee7f5ce36c0257e
parent	c2c0df900ded71aa3f7c9aee05614c7c050eef06 [diff] [blame]