Blame - core/java/android/auditing/SecurityLog.java - platform/frameworks/base

blob: f1703d644bb849ae0f719d626df9c7775409e336 [file] [log] [blame]

Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	1	/*
				2	* Copyright (C) 2016 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	package android.auditing;
				18
				19	import android.annotation.IntDef;
				20	import android.os.Parcel;
				21	import android.os.Parcelable;
				22	import android.os.SystemProperties;
				23	import android.util.EventLog.Event;
				24
				25	import java.io.IOException;
				26	import java.lang.annotation.Retention;
				27	import java.lang.annotation.RetentionPolicy;
				28	import java.util.Collection;
				29
				30	public class SecurityLog {
				31
				32	private static final String PROPERTY_LOGGING_ENABLED = "persist.logd.security";
				33
				34	/** @hide */
				35	@Retention(RetentionPolicy.SOURCE)
				36	@IntDef({TAG_ADB_SHELL_INTERACTIVE, TAG_ADB_SHELL_CMD, TAG_SYNC_RECV_FILE, TAG_SYNC_SEND_FILE,
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	37	TAG_APP_PROCESS_START, TAG_KEYGUARD_DISMISSED, TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT,
				38	TAG_KEYGUARD_SECURED})
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	39	public @interface SECURITY_LOG_TAG {}
				40
				41	/**
				42	* Indicate that an ADB interactive shell was opened via "adb shell".
				43	* There is no extra payload in the log event.
				44	*/
				45	public static final int TAG_ADB_SHELL_INTERACTIVE =
				46	SecurityLogTags.SECURITY_ADB_SHELL_INTERACTIVE;
				47	/**
				48	* Indicate that an shell command was issued over ADB via "adb shell command"
				49	* The log entry contains a string data of the shell command, accessible via
				50	* {@link SecurityEvent#getData()}
				51	*/
				52	public static final int TAG_ADB_SHELL_CMD = SecurityLogTags.SECURITY_ADB_SHELL_COMMAND;
				53	/**
				54	* Indicate that a file was pulled from the device via the adb daemon, for example via
				55	* "adb pull". The log entry contains a string data of the path of the pulled file,
				56	* accessible via {@link SecurityEvent#getData()}
				57	*/
				58	public static final int TAG_SYNC_RECV_FILE = SecurityLogTags.SECURITY_ADB_SYNC_RECV;
				59	/**
				60	* Indicate that a file was pushed to the device via the adb daemon, for example via
				61	* "adb push". The log entry contains a string data of the destination path of the
				62	* pushed file, accessible via {@link SecurityEvent#getData()}
				63	*/
				64	public static final int TAG_SYNC_SEND_FILE = SecurityLogTags.SECURITY_ADB_SYNC_SEND;
				65	/**
				66	* Indicate that an app process was started. The log entry contains the following
				67	* information about the process in order, accessible via {@link SecurityEvent#getData()}}:
				68	* process name (String), exact start time (long), app Uid (integer), app Pid (integer),
				69	* seinfo tag (String), SHA-256 hash of the APK in hexadecimal (String)
				70	*/
				71	public static final int TAG_APP_PROCESS_START = SecurityLogTags.SECURITY_APP_PROCESS_START;
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	72	/**
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	73	* Indicate that keyguard is being dismissed.
				74	* There is no extra payload in the log event.
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	75	*/
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	76	public static final int TAG_KEYGUARD_DISMISSED =
				77	SecurityLogTags.SECURITY_KEYGUARD_DISMISSED;
				78	/**
				79	* Indicate that there has been an authentication attempt to dismiss the keyguard. The log entry
Michal Karpinski	ed5c8f0	2016-02-09 15:43:41 +0000	[diff] [blame]	80	* contains the following information about the attempt in order, accessible via
				81	* {@link SecurityEvent#getData()}}: attempt result (integer, 1 for successful, 0 for
				82	* unsuccessful), strength of auth method (integer, 1 if strong auth method was used,
				83	* 0 otherwise)
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	84	*/
				85	public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT =
				86	SecurityLogTags.SECURITY_KEYGUARD_DISMISS_AUTH_ATTEMPT;
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	87	/**
				88	* Indicate that the device has been locked, either by user or by timeout.
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	89	* There is no extra payload in the log event.
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	90	*/
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	91	public static final int TAG_KEYGUARD_SECURED = SecurityLogTags.SECURITY_KEYGUARD_SECURED;
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	92
				93	/**
				94	* Returns if device logging is enabled. Log producers should only write new logs if this is
				95	* true. Under the hood this is the logical AND of whether device owner exists and whether
				96	* it enables logging by setting the system property {@link #PROPERTY_LOGGING_ENABLED}.
				97	* @hide
				98	*/
				99	public static native boolean isLoggingEnabled();
				100
				101	/**
				102	* @hide
				103	*/
				104	public static void setLoggingEnabledProperty(boolean enabled) {
				105	SystemProperties.set(PROPERTY_LOGGING_ENABLED, enabled ? "true" : "false");
				106	}
				107
				108	/**
				109	* @hide
				110	*/
				111	public static boolean getLoggingEnabledProperty() {
				112	return SystemProperties.getBoolean(PROPERTY_LOGGING_ENABLED, false);
				113	}
				114
				115	/**
				116	* A class representing a security event log entry.
				117	*/
				118	public static class SecurityEvent implements Parcelable {
				119	private Event mEvent;
				120
				121	/** @hide */
				122	/package/ SecurityEvent(byte[] data) {
				123	mEvent = Event.fromBytes(data);
				124	}
				125
				126	/**
				127	* Returns the timestamp in nano seconds when this event was logged.
				128	*/
				129	public long getTimeNanos() {
				130	return mEvent.getTimeNanos();
				131	}
				132
				133	/**
				134	* Returns the tag of this log entry, which specifies entry's semantics.
				135	* Could be one of {@link SecurityLog#TAG_SYNC_RECV_FILE},
				136	* {@link SecurityLog#TAG_SYNC_SEND_FILE}, {@link SecurityLog#TAG_ADB_SHELL_CMD},
Michal Karpinski	31502d3	2016-01-25 16:43:07 +0000	[diff] [blame]	137	* {@link SecurityLog#TAG_ADB_SHELL_INTERACTIVE}, {@link SecurityLog#TAG_APP_PROCESS_START},
				138	* {@link SecurityLog#TAG_KEYGUARD_DISMISSED}, {@link SecurityLog#TAG_KEYGUARD_SECURED},
				139	* {@link SecurityLog#TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT}.
Rubin Xu	75431fb	2016-01-07 21:12:14 +0000	[diff] [blame]	140	*/
				141	public @SECURITY_LOG_TAG int getTag() {
				142	return mEvent.getTag();
				143	}
				144
				145	/**
				146	* Returns the payload contained in this log. Each call to this method will
				147	* retrieve the next payload item. If no more payload exists, it returns {@code null}.
				148	*/
				149	public Object getData() {
				150	return mEvent.getData();
				151	}
				152
				153	@Override
				154	public int describeContents() {
				155	return 0;
				156	}
				157
				158	@Override
				159	public void writeToParcel(Parcel dest, int flags) {
				160	dest.writeByteArray(mEvent.getBytes());
				161	}
				162
				163	public static final Parcelable.Creator<SecurityEvent> CREATOR =
				164	new Parcelable.Creator<SecurityEvent>() {
				165	@Override
				166	public SecurityEvent createFromParcel(Parcel source) {
				167	return new SecurityEvent(source.createByteArray());
				168	}
				169
				170	@Override
				171	public SecurityEvent[] newArray(int size) {
				172	return new SecurityEvent[size];
				173	}
				174	};
				175	}
				176	/**
				177	* Retrieve all security logs and return immediately.
				178	* @hide
				179	*/
				180	public static native void readEvents(Collection<SecurityEvent> output) throws IOException;
				181
				182	/**
				183	* Retrieve all security logs since the given timestamp in nanoseconds and return immediately.
				184	* @hide
				185	*/
				186	public static native void readEventsSince(long timestamp, Collection<SecurityEvent> output)
				187	throws IOException;
				188
				189	/**
				190	* Retrieve all security logs before the last reboot. May return corrupted data due to
				191	* unreliable pstore.
				192	* @hide
				193	*/
				194	public static native void readPreviousEvents(Collection<SecurityEvent> output)
				195	throws IOException;
				196
				197	/**
				198	* Retrieve all security logs whose timestamp (in nanosceonds) is equal to or greater than the
				199	* given timestamp. This method will block until either the last log earlier than the given
				200	* timestamp is about to be pruned, or after a 2-hour timeout has passed.
				201	* @hide
				202	*/
				203	public static native void readEventsOnWrapping(long timestamp, Collection<SecurityEvent> output)
				204	throws IOException;
				205
				206	/**
				207	* Write a log entry to the underlying storage, with a string payload.
				208	* @hide
				209	*/
				210	public static native int writeEvent(int tag, String str);
				211
				212	/**
				213	* Write a log entry to the underlying storage, with several payloads.
				214	* Supported types of payload are: integer, long, float, string plus array of supported types.
				215	* @hide
				216	*/
				217	public static native int writeEvent(int tag, Object... payloads);
				218	}