Disable kernel message in logd.rc

this prevents logd from accessing kernel messages
Halium · Dec 4, 2024 · 33c6c56 · 33c6c56
1 parent 6b27f73
commit 33c6c56
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 1 deletion.
diff --git a/device.mk b/device.mk
@@ -29,7 +29,8 @@ PRODUCT_PACKAGES += \
     init.disabled.rc \
     init.halium.rc \
     vndk-detect \
-    on-post-data.sh
+    on-post-data.sh \
+    logd.rc
 
 # Keymaster
 PRODUCT_PACKAGES += \

diff --git a/rootdir/Android.mk b/rootdir/Android.mk
@@ -20,6 +20,14 @@ LOCAL_SRC_FILES    := etc/init.disabled.rc
 LOCAL_MODULE_PATH  := $(TARGET_OUT_ETC)/init
 include $(BUILD_PREBUILT)
 
+include $(CLEAR_VARS)
+LOCAL_MODULE       := logd.rc
+LOCAL_MODULE_TAGS  := optional
+LOCAL_MODULE_CLASS := ETC
+LOCAL_SRC_FILES    := etc/init/logd.rc
+LOCAL_MODULE_PATH  := $(TARGET_OUT_ETC)/init/logd.rc
+include $(BUILD_PREBUILT)
+
 include $(CLEAR_VARS)
 LOCAL_MODULE       := vndk-detect
 LOCAL_MODULE_TAGS  := optional

diff --git a/rootdir/etc/init/logd.rc b/rootdir/etc/init/logd.rc
@@ -0,0 +1,34 @@
+service logd /system/bin/logd
+    socket logd stream 0666 logd logd
+    socket logdr seqpacket 0666 logd logd
+    socket logdw dgram+passcred 0222 logd logd
+    user logd
+    group logd system package_info readproc
+    capabilities SYSLOG AUDIT_CONTROL
+    priority 10
+    task_profiles ServiceCapacityLow
+    onrestart setprop logd.ready false
+
+service logd-reinit /system/bin/logd --reinit
+    oneshot
+    disabled
+    user logd
+    group logd
+    task_profiles ServiceCapacityLow
+
+# Limit SELinux denial generation to 5/second
+service logd-auditctl /system/bin/auditctl -r 5
+    oneshot
+    disabled
+    user logd
+    group logd
+    capabilities AUDIT_CONTROL
+
+on fs
+    write /dev/event-log-tags "# content owned by logd
+"
+    chown logd logd /dev/event-log-tags
+    chmod 0644 /dev/event-log-tags
+
+on property:sys.boot_completed=1
+    start logd-auditctl