Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Unifying method names and comments to security logging, not device logging" into nyc-dev

Browse Source
This commit is contained in:
Rubin Xu
2016-03-17 11:23:54 +00:00
committed by Android (Google) Code Review
parent 7d0e392e2c 6235a94ffa
commit c7605b838b
15 changed files with 488 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Android.mk
View File

@@ -42,7 +42,7 @@ LOCAL_SRC_FILES := $(call find-other-java-files,$(FRAMEWORKS_BASE_SUBDIRS))
# EventLogTags files.
LOCAL_SRC_FILES += \
core/java/android/auditing/SecurityLogTags.logtags \
core/java/android/app/admin/SecurityLogTags.logtags \
core/java/android/content/EventLogTags.logtags \
core/java/android/speech/tts/EventLogTags.logtags \
core/java/android/webkit/EventLogTags.logtags \

54
api/current.txt
View File

@@ -5851,7 +5851,6 @@ package android.app.admin {
method public boolean getCrossProfileContactsSearchDisabled(android.content.ComponentName);
method public java.util.List<java.lang.String> getCrossProfileWidgetProviders(android.content.ComponentName);
method public int getCurrentFailedPasswordAttempts();
method public boolean getDeviceLoggingEnabled(android.content.ComponentName);
method public java.lang.String getDeviceOwnerLockScreenInfo();
method public java.util.List<byte[]> getInstalledCaCerts(android.content.ComponentName);
method public int getKeyguardDisabledFeatures(android.content.ComponentName);
@@ -5900,6 +5899,7 @@ package android.app.admin {
method public boolean isMasterVolumeMuted(android.content.ComponentName);
method public boolean isProfileOwnerApp(java.lang.String);
method public boolean isProvisioningAllowed(java.lang.String);
method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
method public void lockNow();
method public void reboot(android.content.ComponentName);
@@ -5909,8 +5909,8 @@ package android.app.admin {
method public boolean removeUser(android.content.ComponentName, android.os.UserHandle);
method public boolean requestBugreport(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
method public java.util.List<android.auditing.SecurityLog.SecurityEvent> retrieveDeviceLogs(android.content.ComponentName);
method public java.util.List<android.auditing.SecurityLog.SecurityEvent> retrievePreviousDeviceLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);
method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);
method public boolean setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String);
method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);
@@ -5922,7 +5922,6 @@ package android.app.admin {
method public void setCertInstallerPackage(android.content.ComponentName, java.lang.String) throws java.lang.SecurityException;
method public void setCrossProfileCallerIdDisabled(android.content.ComponentName, boolean);
method public void setCrossProfileContactsSearchDisabled(android.content.ComponentName, boolean);
method public void setDeviceLoggingEnabled(android.content.ComponentName, boolean);
method public boolean setDeviceOwnerLockScreenInfo(android.content.ComponentName, java.lang.String);
method public void setGlobalSetting(android.content.ComponentName, java.lang.String, java.lang.String);
method public boolean setKeyguardDisabled(android.content.ComponentName, boolean);
@@ -5955,6 +5954,7 @@ package android.app.admin {
method public void setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName);
method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);
method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);
method public void setSecurityLoggingEnabled(android.content.ComponentName, boolean);
method public void setShortSupportMessage(android.content.ComponentName, java.lang.String);
method public boolean setStatusBarDisabled(android.content.ComponentName, boolean);
method public int setStorageEncryption(android.content.ComponentName, boolean);
@@ -6040,6 +6040,27 @@ package android.app.admin {
field public static final int WIPE_RESET_PROTECTION_DATA = 2; // 0x2
}
public class SecurityLog {
ctor public SecurityLog();
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
public static final class SecurityLog.SecurityEvent implements android.os.Parcelable {
method public int describeContents();
method public java.lang.Object getData();
method public int getTag();
method public long getTimeNanos();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.app.admin.SecurityLog.SecurityEvent> CREATOR;
}
public class SystemUpdatePolicy implements android.os.Parcelable {
method public static android.app.admin.SystemUpdatePolicy createAutomaticInstallPolicy();
method public static android.app.admin.SystemUpdatePolicy createPostponeInstallPolicy();
@@ -6580,31 +6601,6 @@ package android.appwidget {
}
package android.auditing {
public class SecurityLog {
ctor public SecurityLog();
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
public static final class SecurityLog.SecurityEvent implements android.os.Parcelable {
method public int describeContents();
method public java.lang.Object getData();
method public int getTag();
method public long getTimeNanos();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.auditing.SecurityLog.SecurityEvent> CREATOR;
}
}
package android.bluetooth {
public final class BluetoothA2dp implements android.bluetooth.BluetoothProfile {

54
api/system-current.txt
View File

@@ -5990,7 +5990,6 @@ package android.app.admin {
method public int getCurrentFailedPasswordAttempts();
method public deprecated java.lang.String getDeviceInitializerApp();
method public deprecated android.content.ComponentName getDeviceInitializerComponent();
method public boolean getDeviceLoggingEnabled(android.content.ComponentName);
method public java.lang.String getDeviceOwner();
method public java.lang.String getDeviceOwnerLockScreenInfo();
method public java.lang.String getDeviceOwnerNameOnAnyUser();
@@ -6046,6 +6045,7 @@ package android.app.admin {
method public boolean isMasterVolumeMuted(android.content.ComponentName);
method public boolean isProfileOwnerApp(java.lang.String);
method public boolean isProvisioningAllowed(java.lang.String);
method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
method public void lockNow();
method public void notifyPendingSystemUpdate(long);
@@ -6056,8 +6056,8 @@ package android.app.admin {
method public boolean removeUser(android.content.ComponentName, android.os.UserHandle);
method public boolean requestBugreport(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
method public java.util.List<android.auditing.SecurityLog.SecurityEvent> retrieveDeviceLogs(android.content.ComponentName);
method public java.util.List<android.auditing.SecurityLog.SecurityEvent> retrievePreviousDeviceLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);
method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);
method public deprecated boolean setActiveProfileOwner(android.content.ComponentName, java.lang.String) throws java.lang.IllegalArgumentException;
method public boolean setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String);
@@ -6070,7 +6070,6 @@ package android.app.admin {
method public void setCertInstallerPackage(android.content.ComponentName, java.lang.String) throws java.lang.SecurityException;
method public void setCrossProfileCallerIdDisabled(android.content.ComponentName, boolean);
method public void setCrossProfileContactsSearchDisabled(android.content.ComponentName, boolean);
method public void setDeviceLoggingEnabled(android.content.ComponentName, boolean);
method public boolean setDeviceOwnerLockScreenInfo(android.content.ComponentName, java.lang.String);
method public void setGlobalSetting(android.content.ComponentName, java.lang.String, java.lang.String);
method public boolean setKeyguardDisabled(android.content.ComponentName, boolean);
@@ -6103,6 +6102,7 @@ package android.app.admin {
method public void setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName);
method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);
method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);
method public void setSecurityLoggingEnabled(android.content.ComponentName, boolean);
method public void setShortSupportMessage(android.content.ComponentName, java.lang.String);
method public boolean setStatusBarDisabled(android.content.ComponentName, boolean);
method public int setStorageEncryption(android.content.ComponentName, boolean);
@@ -6197,6 +6197,27 @@ package android.app.admin {
field public static final int WIPE_RESET_PROTECTION_DATA = 2; // 0x2
}
public class SecurityLog {
ctor public SecurityLog();
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
public static final class SecurityLog.SecurityEvent implements android.os.Parcelable {
method public int describeContents();
method public java.lang.Object getData();
method public int getTag();
method public long getTimeNanos();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.app.admin.SecurityLog.SecurityEvent> CREATOR;
}
public class SystemUpdatePolicy implements android.os.Parcelable {
method public static android.app.admin.SystemUpdatePolicy createAutomaticInstallPolicy();
method public static android.app.admin.SystemUpdatePolicy createPostponeInstallPolicy();
@@ -6847,31 +6868,6 @@ package android.appwidget {
}
package android.auditing {
public class SecurityLog {
ctor public SecurityLog();
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
public static final class SecurityLog.SecurityEvent implements android.os.Parcelable {
method public int describeContents();
method public java.lang.Object getData();
method public int getTag();
method public long getTimeNanos();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.auditing.SecurityLog.SecurityEvent> CREATOR;
}
}
package android.bluetooth {
public final class BluetoothA2dp implements android.bluetooth.BluetoothProfile {

54
api/test-current.txt
View File

@@ -5855,7 +5855,6 @@ package android.app.admin {
method public boolean getCrossProfileContactsSearchDisabled(android.content.ComponentName);
method public java.util.List<java.lang.String> getCrossProfileWidgetProviders(android.content.ComponentName);
method public int getCurrentFailedPasswordAttempts();
method public boolean getDeviceLoggingEnabled(android.content.ComponentName);
method public java.lang.String getDeviceOwnerLockScreenInfo();
method public java.util.List<byte[]> getInstalledCaCerts(android.content.ComponentName);
method public int getKeyguardDisabledFeatures(android.content.ComponentName);
@@ -5904,6 +5903,7 @@ package android.app.admin {
method public boolean isMasterVolumeMuted(android.content.ComponentName);
method public boolean isProfileOwnerApp(java.lang.String);
method public boolean isProvisioningAllowed(java.lang.String);
method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
method public void lockNow();
method public void reboot(android.content.ComponentName);
@@ -5913,8 +5913,8 @@ package android.app.admin {
method public boolean removeUser(android.content.ComponentName, android.os.UserHandle);
method public boolean requestBugreport(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
method public java.util.List<android.auditing.SecurityLog.SecurityEvent> retrieveDeviceLogs(android.content.ComponentName);
method public java.util.List<android.auditing.SecurityLog.SecurityEvent> retrievePreviousDeviceLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);
method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);
method public boolean setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String);
method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);
@@ -5926,7 +5926,6 @@ package android.app.admin {
method public void setCertInstallerPackage(android.content.ComponentName, java.lang.String) throws java.lang.SecurityException;
method public void setCrossProfileCallerIdDisabled(android.content.ComponentName, boolean);
method public void setCrossProfileContactsSearchDisabled(android.content.ComponentName, boolean);
method public void setDeviceLoggingEnabled(android.content.ComponentName, boolean);
method public boolean setDeviceOwnerLockScreenInfo(android.content.ComponentName, java.lang.String);
method public void setGlobalSetting(android.content.ComponentName, java.lang.String, java.lang.String);
method public boolean setKeyguardDisabled(android.content.ComponentName, boolean);
@@ -5959,6 +5958,7 @@ package android.app.admin {
method public void setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName);
method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);
method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);
method public void setSecurityLoggingEnabled(android.content.ComponentName, boolean);
method public void setShortSupportMessage(android.content.ComponentName, java.lang.String);
method public boolean setStatusBarDisabled(android.content.ComponentName, boolean);
method public int setStorageEncryption(android.content.ComponentName, boolean);
@@ -6044,6 +6044,27 @@ package android.app.admin {
field public static final int WIPE_RESET_PROTECTION_DATA = 2; // 0x2
}
public class SecurityLog {
ctor public SecurityLog();
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
public static final class SecurityLog.SecurityEvent implements android.os.Parcelable {
method public int describeContents();
method public java.lang.Object getData();
method public int getTag();
method public long getTimeNanos();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.app.admin.SecurityLog.SecurityEvent> CREATOR;
}
public class SystemUpdatePolicy implements android.os.Parcelable {
method public static android.app.admin.SystemUpdatePolicy createAutomaticInstallPolicy();
method public static android.app.admin.SystemUpdatePolicy createPostponeInstallPolicy();
@@ -6584,31 +6605,6 @@ package android.appwidget {
}
package android.auditing {
public class SecurityLog {
ctor public SecurityLog();
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
public static final class SecurityLog.SecurityEvent implements android.os.Parcelable {
method public int describeContents();
method public java.lang.Object getData();
method public int getTag();
method public long getTimeNanos();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.auditing.SecurityLog.SecurityEvent> CREATOR;
}
}
package android.bluetooth {
public final class BluetoothA2dp implements android.bluetooth.BluetoothProfile {

6
core/java/android/app/admin/DeviceAdminReceiver.java
View File

@@ -268,7 +268,7 @@ public class DeviceAdminReceiver extends BroadcastReceiver {
"android.app.action.BUGREPORT_SHARE";
/**
* Broadcast action: notify that a new batch of device logs is ready to be collected.
* Broadcast action: notify that a new batch of security logs is ready to be collected.
* @hide
*/
@SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
@@ -623,13 +623,13 @@ public class DeviceAdminReceiver extends BroadcastReceiver {
}
/**
* Called when a new batch of device logs can be retrieved.
* Called when a new batch of security logs can be retrieved.
*
* <p>This callback is only applicable to device owners.
*
* @param context The running context as per {@link #onReceive}.
* @param intent The received intent as per {@link #onReceive}.
* @see DevicePolicyManager#retrieveDeviceLogs(ComponentName)
* @see DevicePolicyManager#retrieveSecurityLogs(ComponentName)
*/
public void onSecurityLogsAvailable(Context context, Intent intent) {
}

109
core/java/android/app/admin/DevicePolicyManager.java
View File

@@ -25,7 +25,7 @@ import android.annotation.SdkConstant.SdkConstantType;
import android.annotation.SystemApi;
import android.annotation.UserIdInt;
import android.app.Activity;
import android.auditing.SecurityLog.SecurityEvent;
import android.app.admin.SecurityLog.SecurityEvent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
@@ -5787,63 +5787,80 @@ public class DevicePolicyManager {
}
/**
* Called by device owner to control the device logging feature. Logging can only be enabled on
* single user devices where the sole user is managed by the device owner.
* <p>
* Device logs contain various information intended for security auditing purposes. See
* {@link SecurityEvent} for details.
* <p>
* There must be only one user on the device, managed by the device owner. Otherwise a
* {@link SecurityException} will be thrown.
* Called by device owner to control the security logging feature. Logging can only be
* enabled on single user devices where the sole user is managed by the device owner.
*
* <p> Security logs contain various information intended for security auditing purposes.
* See {@link SecurityEvent} for details.
*
* <p>There must be only one user on the device, managed by the device owner.
* Otherwise a {@link SecurityException} will be thrown.
*
* @param admin Which device owner this request is associated with.
* @param enabled whether device logging should be enabled or not.
* @param enabled whether security logging should be enabled or not.
* @throws SecurityException if {@code admin} is not a device owner.
* @see #retrieveDeviceLogs
* @see #retrieveSecurityLogs
*/
public void setSecurityLoggingEnabled(@NonNull ComponentName admin, boolean enabled) {
try {
mService.setSecurityLoggingEnabled(admin, enabled);
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}
}
/**
* Temporary // STOPSHIP TODO(mkarpinski): remove those once change to TestDPC is pushed
* @hide
*/
public void setDeviceLoggingEnabled(@NonNull ComponentName admin, boolean enabled) {
setSecurityLoggingEnabled(admin, enabled);
}
/**
* Return whether security logging is enabled or not by the device owner.
*
* <p>Can only be called by the device owner, otherwise a {@link SecurityException} will be
* thrown.
*
* @param admin Which device owner this request is associated with.
* @return {@code true} if security logging is enabled by device owner, {@code false} otherwise.
* @throws SecurityException if {@code admin} is not a device owner.
*/
public boolean isSecurityLoggingEnabled(@NonNull ComponentName admin) {
try {
mService.setDeviceLoggingEnabled(admin, enabled);
return mService.isSecurityLoggingEnabled(admin);
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}
}
/**
* Return whether device logging is enabled or not by the device owner.
* <p>
* Can only be called by the device owner, otherwise a {@link SecurityException} will be thrown.
*
* @param admin Which device owner this request is associated with.
* @return {@code true} if device logging is enabled by device owner, {@code false} otherwise.
* @throws SecurityException if {@code admin} is not a device owner.
* Temporary // STOPSHIP TODO(mkarpinski): remove those once change to TestDPC is pushed
* @hide
*/
public boolean getDeviceLoggingEnabled(@NonNull ComponentName admin) {
try {
return mService.getDeviceLoggingEnabled(admin);
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}
return isSecurityLoggingEnabled(admin);
}
/**
* Called by device owner to retrieve all new device logging entries since the last call to this
* API after device boots.
* <p>
* Access to the logs is rate limited and it will only return new logs after the device owner
* has been notified via {@link DeviceAdminReceiver#onSecurityLogsAvailable}.
* <p>
* There must be only one user on the device, managed by the device owner. Otherwise a
* {@link SecurityException} will be thrown.
* Called by device owner to retrieve all new security logging entries since the last call to
* this API after device boots.
*
* <p> Access to the logs is rate limited and it will only return new logs after the device
* owner has been notified via {@link DeviceAdminReceiver#onSecurityLogsAvailable}.
*
* <p>There must be only one user on the device, managed by the device owner.
* Otherwise a {@link SecurityException} will be thrown.
*
* @param admin Which device owner this request is associated with.
* @return the new batch of device logs which is a list of {@link SecurityEvent}, or
* {@code null} if rate limitation is exceeded or if logging is currently disabled.
* @return the new batch of security logs which is a list of {@link SecurityEvent},
* or {@code null} if rate limitation is exceeded or if logging is currently disabled.
* @throws SecurityException if {@code admin} is not a device owner.
*/
public List<SecurityEvent> retrieveDeviceLogs(@NonNull ComponentName admin) {
public List<SecurityEvent> retrieveSecurityLogs(@NonNull ComponentName admin) {
try {
ParceledListSlice<SecurityEvent> list = mService.retrieveDeviceLogs(admin);
ParceledListSlice<SecurityEvent> list = mService.retrieveSecurityLogs(admin);
if (list != null) {
return list.getList();
} else {
@@ -5855,6 +5872,14 @@ public class DevicePolicyManager {
}
}
/**
* Temporary // STOPSHIP TODO(mkarpinski): remove those once change to TestDPC is pushed
* @hide
*/
public List<SecurityEvent> retrieveDeviceLogs(@NonNull ComponentName admin) {
return retrieveSecurityLogs(admin);
}
/**
* Called by the system to obtain a {@link DevicePolicyManager} whose calls act on the parent
* profile.
@@ -5886,15 +5911,23 @@ public class DevicePolicyManager {
* @return Device logs from before the latest reboot of the system.
* @throws SecurityException if {@code admin} is not a device owner.
*/
public List<SecurityEvent> retrievePreviousDeviceLogs(@NonNull ComponentName admin) {
public List<SecurityEvent> retrievePreRebootSecurityLogs(@NonNull ComponentName admin) {
try {
ParceledListSlice<SecurityEvent> list = mService.retrievePreviousDeviceLogs(admin);
ParceledListSlice<SecurityEvent> list = mService.retrievePreRebootSecurityLogs(admin);
return list.getList();
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}
}
/**
* Temporary // STOPSHIP TODO(mkarpinski): remove those once change to TestDPC is pushed
* @hide
*/
public List<SecurityEvent> retrievePreviousDeviceLogs(@NonNull ComponentName admin) {
return retrievePreRebootSecurityLogs(admin);
}
/**
* Called by a profile owner of a managed profile to set the color used for customization. This
* color is used as background color of the confirm credentials screen for that user. The

8
core/java/android/app/admin/IDevicePolicyManager.aidl
View File

@@ -290,10 +290,10 @@ interface IDevicePolicyManager {
void setAffiliationIds(in ComponentName admin, in List<String> ids);
boolean isAffiliatedUser();
void setDeviceLoggingEnabled(in ComponentName admin, boolean enabled);
boolean getDeviceLoggingEnabled(in ComponentName admin);
ParceledListSlice retrieveDeviceLogs(in ComponentName admin);
ParceledListSlice retrievePreviousDeviceLogs(in ComponentName admin);
void setSecurityLoggingEnabled(in ComponentName admin, boolean enabled);
boolean isSecurityLoggingEnabled(in ComponentName admin);
ParceledListSlice retrieveSecurityLogs(in ComponentName admin);
ParceledListSlice retrievePreRebootSecurityLogs(in ComponentName admin);
boolean isUninstallInQueue(String packageName);
void uninstallPackageWithActiveAdmins(String packageName);

4
core/java/android/auditing/SecurityLog.java → core/java/android/app/admin/SecurityLog.java
View File

@@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.auditing;
package android.app.admin;
import android.annotation.IntDef;
import android.os.Parcel;
@@ -92,7 +92,7 @@ public class SecurityLog {
public static final int TAG_KEYGUARD_SECURED = SecurityLogTags.SECURITY_KEYGUARD_SECURED;
/**
* Returns if device logging is enabled. Log producers should only write new logs if this is
* Returns if security logging is enabled. Log producers should only write new logs if this is
* true. Under the hood this is the logical AND of whether device owner exists and whether
* it enables logging by setting the system property {@link #PROPERTY_LOGGING_ENABLED}.
* @hide

2
core/java/android/auditing/SecurityLogTags.logtags → core/java/android/app/admin/SecurityLogTags.logtags
View File

@@ -1,6 +1,6 @@
# See system/core/logcat/event.logtags for a description of the format of this file.
option java_package android.auditing
option java_package android.app.admin
210001 security_adb_shell_interactive
210002 security_adb_shell_command (command|3)

2
core/jni/Android.mk
View File

@@ -36,7 +36,7 @@ LOCAL_SRC_FILES:= \
android_app_Activity.cpp \
android_app_ApplicationLoaders.cpp \
android_app_NativeActivity.cpp \
android_auditing_SecurityLog.cpp \
android_app_admin_SecurityLog.cpp \
android_opengl_EGL14.cpp \
android_opengl_EGLExt.cpp \
android_opengl_GLES10.cpp \

4
core/jni/AndroidRuntime.cpp
View File

@@ -109,7 +109,7 @@ namespace android {
* JNI-based registration functions. Note these are properly contained in
* namespace android.
*/
extern int register_android_auditing_SecurityLog(JNIEnv* env);
extern int register_android_app_admin_SecurityLog(JNIEnv* env);
extern int register_android_content_AssetManager(JNIEnv* env);
extern int register_android_util_EventLog(JNIEnv* env);
extern int register_android_util_Log(JNIEnv* env);
@@ -1253,7 +1253,7 @@ static const RegJNIRec gRegJNI[] = {
REG_JNI(register_android_util_EventLog),
REG_JNI(register_android_util_Log),
REG_JNI(register_android_util_PathParser),
REG_JNI(register_android_auditing_SecurityLog),
REG_JNI(register_android_app_admin_SecurityLog),
REG_JNI(register_android_content_AssetManager),
REG_JNI(register_android_content_StringBlock),
REG_JNI(register_android_content_XmlBlock),

312
core/jni/android_app_admin_SecurityLog.cpp Normal file
View File

@@ -0,0 +1,312 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <fcntl.h>
#include "JNIHelp.h"
#include "core_jni_helpers.h"
#include "jni.h"
#include "log/logger.h"
// The size of the tag number comes out of the payload size.
#define MAX_EVENT_PAYLOAD (LOGGER_ENTRY_MAX_PAYLOAD - sizeof(int32_t))
namespace android {
static jclass gCollectionClass;
static jmethodID gCollectionAddID;
static jclass gEventClass;
static jmethodID gEventInitID;
static jclass gIntegerClass;
static jfieldID gIntegerValueID;
static jclass gLongClass;
static jfieldID gLongValueID;
static jclass gFloatClass;
static jfieldID gFloatValueID;
static jclass gStringClass;
static jboolean android_app_admin_SecurityLog_isLoggingEnabled(JNIEnv* env,
jobject /* clazz */) {
return (bool)__android_log_security();
}
static jint android_app_admin_SecurityLog_writeEvent_String(JNIEnv* env,
jobject /* clazz */,
jint tag, jstring value) {
uint8_t buf[MAX_EVENT_PAYLOAD];
// Don't throw NPE -- I feel like it's sort of mean for a logging function
// to be all crashy if you pass in NULL -- but make the NULL value explicit.
const char *str = value != NULL ? env->GetStringUTFChars(value, NULL) : "NULL";
uint32_t len = strlen(str);
size_t max = sizeof(buf) - sizeof(len) - 2; // Type byte, final newline
if (len > max) len = max;
buf[0] = EVENT_TYPE_STRING;
memcpy(&buf[1], &len, sizeof(len));
memcpy(&buf[1 + sizeof(len)], str, len);
buf[1 + sizeof(len) + len] = '\n';
if (value != NULL) env->ReleaseStringUTFChars(value, str);
return __android_log_security_bwrite(tag, buf, 2 + sizeof(len) + len);
}
static jint android_app_admin_SecurityLog_writeEvent_Array(JNIEnv* env, jobject clazz,
jint tag, jobjectArray value) {
if (value == NULL) {
return android_app_admin_SecurityLog_writeEvent_String(env, clazz, tag, NULL);
}
uint8_t buf[MAX_EVENT_PAYLOAD];
const size_t max = sizeof(buf) - 1; // leave room for final newline
size_t pos = 2; // Save room for type tag & array count
jsize copied = 0, num = env->GetArrayLength(value);
for (; copied < num && copied < 255; ++copied) {
jobject item = env->GetObjectArrayElement(value, copied);
if (item == NULL || env->IsInstanceOf(item, gStringClass)) {
if (pos + 1 + sizeof(jint) > max) break;
const char *str = item != NULL ? env->GetStringUTFChars((jstring) item, NULL) : "NULL";
jint len = strlen(str);
if (pos + 1 + sizeof(len) + len > max) len = max - pos - 1 - sizeof(len);
buf[pos++] = EVENT_TYPE_STRING;
memcpy(&buf[pos], &len, sizeof(len));
memcpy(&buf[pos + sizeof(len)], str, len);
pos += sizeof(len) + len;
if (item != NULL) env->ReleaseStringUTFChars((jstring) item, str);
} else if (env->IsInstanceOf(item, gIntegerClass)) {
jint intVal = env->GetIntField(item, gIntegerValueID);
if (pos + 1 + sizeof(intVal) > max) break;
buf[pos++] = EVENT_TYPE_INT;
memcpy(&buf[pos], &intVal, sizeof(intVal));
pos += sizeof(intVal);
} else if (env->IsInstanceOf(item, gLongClass)) {
jlong longVal = env->GetLongField(item, gLongValueID);
if (pos + 1 + sizeof(longVal) > max) break;
buf[pos++] = EVENT_TYPE_LONG;
memcpy(&buf[pos], &longVal, sizeof(longVal));
pos += sizeof(longVal);
} else if (env->IsInstanceOf(item, gFloatClass)) {
jfloat floatVal = env->GetFloatField(item, gFloatValueID);
if (pos + 1 + sizeof(floatVal) > max) break;
buf[pos++] = EVENT_TYPE_FLOAT;
memcpy(&buf[pos], &floatVal, sizeof(floatVal));
pos += sizeof(floatVal);
} else {
jniThrowException(env,
"java/lang/IllegalArgumentException",
"Invalid payload item type");
return -1;
}
env->DeleteLocalRef(item);
}
buf[0] = EVENT_TYPE_LIST;
buf[1] = copied;
buf[pos++] = '\n';
return __android_log_security_bwrite(tag, buf, pos);
}
static void readEvents(JNIEnv* env, int loggerMode, jlong startTime, jobject out) {
struct logger_list *logger_list;
if (startTime) {
logger_list = android_logger_list_alloc_time(loggerMode,
log_time(startTime / NS_PER_SEC, startTime % NS_PER_SEC), 0);
} else {
logger_list = android_logger_list_alloc(loggerMode, 0, 0);
}
if (!logger_list) {
jniThrowIOException(env, errno);
return;
}
if (!android_logger_open(logger_list, LOG_ID_SECURITY)) {
jniThrowIOException(env, errno);
android_logger_list_free(logger_list);
return;
}
while (1) {
log_msg log_msg;
int ret = android_logger_list_read(logger_list, &log_msg);
if (ret == 0) {
break;
}
if (ret < 0) {
if (ret == -EINTR) {
continue;
}
if (ret == -EINVAL) {
jniThrowException(env, "java/io/IOException", "Event too short");
} else if (ret != -EAGAIN) {
jniThrowIOException(env, -ret); // Will throw on return
}
break;
}
if (log_msg.id() != LOG_ID_SECURITY) {
continue;
}
jsize len = ret;
jbyteArray array = env->NewByteArray(len);
if (array == NULL) {
break;
}
jbyte *bytes = env->GetByteArrayElements(array, NULL);
memcpy(bytes, log_msg.buf, len);
env->ReleaseByteArrayElements(array, bytes, 0);
jobject event = env->NewObject(gEventClass, gEventInitID, array);
if (event == NULL) {
break;
}
env->CallBooleanMethod(out, gCollectionAddID, event);
env->DeleteLocalRef(event);
env->DeleteLocalRef(array);
}
android_logger_list_close(logger_list);
}
static void android_app_admin_SecurityLog_readEvents(JNIEnv* env, jobject /* clazz */,
jobject out) {
if (out == NULL) {
jniThrowNullPointerException(env, NULL);
return;
}
readEvents(env, ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK, 0, out);
}
static void android_app_admin_SecurityLog_readEventsSince(JNIEnv* env, jobject /* clazz */,
jlong timestamp,
jobject out) {
if (out == NULL) {
jniThrowNullPointerException(env, NULL);
return;
}
readEvents(env, ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK, timestamp, out);
}
static void android_app_admin_SecurityLog_readPreviousEvents(JNIEnv* env, jobject /* clazz */,
jobject out) {
if (out == NULL) {
jniThrowNullPointerException(env, NULL);
return;
}
readEvents(env, ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK | ANDROID_LOG_PSTORE, 0, out);
}
static void android_app_admin_SecurityLog_readEventsOnWrapping(JNIEnv* env, jobject /* clazz */,
jlong timestamp,
jobject out) {
if (out == NULL) {
jniThrowNullPointerException(env, NULL);
return;
}
readEvents(env, ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK | ANDROID_LOG_WRAP, timestamp, out);
}
/*
* JNI registration.
*/
static const JNINativeMethod gRegisterMethods[] = {
/* name, signature, funcPtr */
{ "isLoggingEnabled",
"()Z",
(void*) android_app_admin_SecurityLog_isLoggingEnabled
},
{ "writeEvent",
"(ILjava/lang/String;)I",
(void*) android_app_admin_SecurityLog_writeEvent_String
},
{ "writeEvent",
"(I[Ljava/lang/Object;)I",
(void*) android_app_admin_SecurityLog_writeEvent_Array
},
{ "readEvents",
"(Ljava/util/Collection;)V",
(void*) android_app_admin_SecurityLog_readEvents
},
{ "readEventsSince",
"(JLjava/util/Collection;)V",
(void*) android_app_admin_SecurityLog_readEventsSince
},
{ "readPreviousEvents",
"(Ljava/util/Collection;)V",
(void*) android_app_admin_SecurityLog_readPreviousEvents
},
{ "readEventsOnWrapping",
"(JLjava/util/Collection;)V",
(void*) android_app_admin_SecurityLog_readEventsOnWrapping
},
};
static struct { const char *name; jclass *clazz; } gClasses[] = {
{ "android/app/admin/SecurityLog$SecurityEvent", &gEventClass },
{ "java/lang/Integer", &gIntegerClass },
{ "java/lang/Long", &gLongClass },
{ "java/lang/Float", &gFloatClass },
{ "java/lang/String", &gStringClass },
{ "java/util/Collection", &gCollectionClass },
};
static struct { jclass *c; const char *name, *ft; jfieldID *id; } gFields[] = {
{ &gIntegerClass, "value", "I", &gIntegerValueID },
{ &gLongClass, "value", "J", &gLongValueID },
{ &gFloatClass, "value", "F", &gFloatValueID },
};
static struct { jclass *c; const char *name, *mt; jmethodID *id; } gMethods[] = {
{ &gEventClass, "<init>", "([B)V", &gEventInitID },
{ &gCollectionClass, "add", "(Ljava/lang/Object;)Z", &gCollectionAddID },
};
int register_android_app_admin_SecurityLog(JNIEnv* env) {
for (int i = 0; i < NELEM(gClasses); ++i) {
jclass clazz = FindClassOrDie(env, gClasses[i].name);
*gClasses[i].clazz = MakeGlobalRefOrDie(env, clazz);
}
for (int i = 0; i < NELEM(gFields); ++i) {
*gFields[i].id = GetFieldIDOrDie(env,
*gFields[i].c, gFields[i].name, gFields[i].ft);
}
for (int i = 0; i < NELEM(gMethods); ++i) {
*gMethods[i].id = GetMethodIDOrDie(env,
*gMethods[i].c, gMethods[i].name, gMethods[i].mt);
}
return RegisterMethodsOrDie(
env,
"android/app/admin/SecurityLog",
gRegisterMethods, NELEM(gRegisterMethods));
}
}; // namespace android

2
services/core/java/com/android/server/am/ProcessStartLogger.java
View File

@@ -4,7 +4,7 @@ import static com.android.server.am.ActivityManagerDebugConfig.TAG_AM;
import static com.android.server.am.ActivityManagerDebugConfig.TAG_WITH_CLASS_NAME;
import android.app.AppGlobals;
import android.auditing.SecurityLog;
import android.app.admin.SecurityLog;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;

27
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
View File

@@ -26,8 +26,6 @@ import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT;
import static org.xmlpull.v1.XmlPullParser.END_TAG;
import static org.xmlpull.v1.XmlPullParser.TEXT;
import com.google.android.collect.Sets;
import android.Manifest.permission;
import android.accessibilityservice.AccessibilityServiceInfo;
import android.accounts.AccountManager;
@@ -50,10 +48,10 @@ import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyManagerInternal;
import android.app.admin.IDevicePolicyManager;
import android.app.admin.SecurityLog;
import android.app.admin.SecurityLog.SecurityEvent;
import android.app.admin.SystemUpdatePolicy;
import android.app.backup.IBackupManager;
import android.auditing.SecurityLog;
import android.auditing.SecurityLog.SecurityEvent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.ContentResolver;
@@ -142,6 +140,7 @@ import com.android.server.LocalServices;
import com.android.server.SystemService;
import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
import com.android.server.pm.UserRestrictionsUtils;
import com.google.android.collect.Sets;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
@@ -484,9 +483,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
new MonitoringCertNotificationTask().execute(intent);
}
if (Intent.ACTION_USER_ADDED.equals(action)) {
disableDeviceLoggingIfNotCompliant();
disableSecurityLoggingIfNotCompliant();
} else if (Intent.ACTION_USER_REMOVED.equals(action)) {
disableDeviceLoggingIfNotCompliant();
disableSecurityLoggingIfNotCompliant();
removeUserData(userHandle);
} else if (Intent.ACTION_USER_STARTED.equals(action)) {
synchronized (DevicePolicyManagerService.this) {
@@ -1672,7 +1671,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (mOwners.hasDeviceOwner()) {
mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, "true");
Slog.i(LOG_TAG, "Set ro.device_owner property to true");
disableDeviceLoggingIfNotCompliant();
disableSecurityLoggingIfNotCompliant();
if (mInjector.securityLogGetLoggingEnabledProperty()) {
mSecurityLogMonitor.start();
}
@@ -5612,7 +5611,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
mOwners.clearDeviceOwner();
mOwners.writeDeviceOwner();
updateDeviceOwnerLocked();
disableDeviceLoggingIfNotCompliant();
disableSecurityLoggingIfNotCompliant();
// Reactivate backup service.
long ident = mInjector.binderClearCallingIdentity();
try {
@@ -8598,15 +8597,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
return false;
}
private synchronized void disableDeviceLoggingIfNotCompliant() {
private synchronized void disableSecurityLoggingIfNotCompliant() {
if (!isDeviceOwnerManagedSingleUserDevice()) {
mInjector.securityLogSetLoggingEnabledProperty(false);
Slog.w(LOG_TAG, "Device logging turned off as it's no longer a single user device.");
Slog.w(LOG_TAG, "Security logging turned off as it's no longer a single user device.");
}
}
@Override
public void setDeviceLoggingEnabled(ComponentName admin, boolean enabled) {
public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) {
Preconditions.checkNotNull(admin);
ensureDeviceOwnerManagingSingleUser(admin);
@@ -8624,7 +8623,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
@Override
public boolean getDeviceLoggingEnabled(ComponentName admin) {
public boolean isSecurityLoggingEnabled(ComponentName admin) {
Preconditions.checkNotNull(admin);
synchronized (this) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
@@ -8633,7 +8632,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
@Override
public ParceledListSlice<SecurityEvent> retrievePreviousDeviceLogs(ComponentName admin) {
public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) {
Preconditions.checkNotNull(admin);
ensureDeviceOwnerManagingSingleUser(admin);
@@ -8648,7 +8647,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
@Override
public ParceledListSlice<SecurityEvent> retrieveDeviceLogs(ComponentName admin) {
public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) {
Preconditions.checkNotNull(admin);
ensureDeviceOwnerManagingSingleUser(admin);

4
services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java
View File

@@ -17,8 +17,8 @@
package com.android.server.devicepolicy;
import android.app.admin.DeviceAdminReceiver;
import android.auditing.SecurityLog;
import android.auditing.SecurityLog.SecurityEvent;
import android.app.admin.SecurityLog;
import android.app.admin.SecurityLog.SecurityEvent;
import android.util.Log;
import android.util.Slog;