From d7e819f9eadd27cfaf151ba088fc3e8f9d1a8216 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 16 Dec 2022 23:58:47 +0000 Subject: Improve log message for locksettings shell commands Instead of the cryptic message "Caller pid %d Caller uid %d" at ERROR level, use the clearer message "Executing shell command '%s'; callingPid=%d, callingUid=%d" at INFO level. Intentionally log only the command name, not the other arguments. This is motivated by trying to debug b/262185378. Test: ran some shell commands and checked logcat Bug: 262185378 Change-Id: Ibd0e2763deaedf0c12823aa890398a35e4c46d8d --- .../android/server/locksettings/LockSettingsService.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index 5f39a523b3ac..e2b1ae1f9e8c 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -2424,16 +2424,20 @@ public class LockSettingsService extends ILockSettings.Stub { public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err, String[] args, ShellCallback callback, ResultReceiver resultReceiver) { enforceShell(); - final int origPid = Binder.getCallingPid(); - final int origUid = Binder.getCallingUid(); + final int callingPid = Binder.getCallingPid(); + final int callingUid = Binder.getCallingUid(); + + // Don't log arguments other than the first one (the command name), since they might contain + // secrets that must not be written to the log. + Slogf.i(TAG, "Executing shell command '%s'; callingPid=%d, callingUid=%d", + ArrayUtils.isEmpty(args) ? "" : args[0], callingPid, callingUid); - Slog.e(TAG, "Caller pid " + origPid + " Caller uid " + origUid); // The original identity is an opaque integer. final long origId = Binder.clearCallingIdentity(); try { final LockSettingsShellCommand command = - new LockSettingsShellCommand(new LockPatternUtils(mContext), mContext, origPid, - origUid); + new LockSettingsShellCommand(new LockPatternUtils(mContext), mContext, + callingPid, callingUid); command.exec(this, in, out, err, args, callback, resultReceiver); } finally { Binder.restoreCallingIdentity(origId); -- cgit v1.2.3-59-g8ed1b