From: Marcin Niesluchowski Date: Thu, 20 Jun 2013 07:57:50 +0000 (+0200) Subject: Changing some error logs to warnings and turning off debug logs on security-server. X-Git-Tag: 2.2_release~2^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c93e2e6d55a800bd436ed6d56eab3e1edc16976f;p=framework%2Fsecurity%2Fsecurity-server.git Changing some error logs to warnings and turning off debug logs on security-server. [Issue#] SSDWSSP-331 [Bug/Feature] Too many error logs. Debug logs should be turned off. [Cause] N/A [Solution] N/A [Verification] Checking logs and running tests. Change-Id: I060a891700e161064980c97a5b90c32eef47fca6 --- diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 258ea12..4f5eb84 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -22,7 +22,8 @@ SET(SECURITY_SERVER_SOURCES SET_SOURCE_FILES_PROPERTIES( ${SECURITY_SERVER_SOURCES} PROPERTIES - COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG") + COMPILE_FLAGS "-D_GNU_SOURCE") + # with flag -DSECURITY_SERVER_DEBUG_DLOG debug and warning logs on INCLUDE_DIRECTORIES( ${SECURITY_SERVER_PATH}/include @@ -51,7 +52,8 @@ ADD_LIBRARY(${TARGET_SECURITY_CLIENT} SHARED ${SECURITY_CLIENT_SOURCES}) SET_TARGET_PROPERTIES( ${TARGET_SECURITY_CLIENT} PROPERTIES - COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC" + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC" + # with flag -DSECURITY_SERVER_DEBUG_DLOG debug and warning logs on SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR} VERSION ${SECURITY_CLIENT_VERSION} ) diff --git a/src/client/security-server-client.c b/src/client/security-server-client.c index c7b2f67..fe42483 100644 --- a/src/client/security-server-client.c +++ b/src/client/security-server-client.c @@ -636,7 +636,7 @@ err: if (ret > 0) SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); else - SECURE_LOGE("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); + SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); free(path); free(subject); @@ -1392,7 +1392,7 @@ int security_server_check_privilege_by_pid(int pid, const char *object, const ch SEC_SVR_DBG("%s","Client: There is privilege match"); retval = SECURITY_SERVER_SUCCESS; } else { - SEC_SVR_ERR("%s","Client: There is no privilege match"); + SEC_SVR_WRN("%s","Client: There is no privilege match"); retval = SECURITY_SERVER_ERROR_ACCESS_DENIED; } diff --git a/src/communication/security-server-comm.c b/src/communication/security-server-comm.c index 06f2ee9..c9525d7 100644 --- a/src/communication/security-server-comm.c +++ b/src/communication/security-server-comm.c @@ -2150,7 +2150,12 @@ int recv_generic_response(int sockfd, response_header *hdr) if (hdr->return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS) { - SEC_SVR_ERR("Client: return code is not success: %d", hdr->return_code); + /* Return codes + * SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST + * SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE + * are not errors but warnings + */ + SEC_SVR_WRN("Client: return code is not success: %d", hdr->return_code); return return_code_to_error_code(hdr->return_code); } return SECURITY_SERVER_SUCCESS; diff --git a/src/include/security-server-common.h b/src/include/security-server-common.h index b69e9e3..8b1ce73 100644 --- a/src/include/security-server-common.h +++ b/src/include/security-server-common.h @@ -23,6 +23,7 @@ #define SECURITY_SERVER_COMMON_H #include +#include /* Definitions *********************************************************/ /* Return value. Continuing from return value of the client header file */ @@ -106,15 +107,6 @@ typedef struct _cookie_list void printhex(const unsigned char *data, int size); -/* Debug */ -#ifdef SECURITY_SERVER_DEBUG_TO_CONSOLE /* debug msg will be printed in console */ -#define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] "FMT "\n", \ - __FILE__, __LINE__, ##ARG) -#define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] "FMT "\n", \ - __FILE__, __LINE__, ##ARG) - -#elif SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */ - /* for SECURE_LOG* purpose */ #undef _SECURE_ #ifndef _SECURE_LOG @@ -129,17 +121,41 @@ void printhex(const unsigned char *data, int size); #define SECURE_LOG_(id, prio, tag, fmt, arg ...) \ (_SECURE_ ? (__dlog_print(id, prio, tag, "%s: %s(%d) > [SECURE_LOG] " fmt, __MODULE__, __func__, __LINE__, ##arg)) : (0)) +#ifdef LOG_TAG + #undef LOG_TAG +#endif +#define LOG_TAG "SECURITY_SERVER" + #define SECURE_LOGD(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_DEBUG, LOG_TAG, format, ##arg) #define SECURE_LOGI(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg) #define SECURE_LOGW(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg) #define SECURE_LOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg) /****************************/ -#define LOG_TAG "SECURITY_SERVER" -#include -#define SEC_SVR_DBG SLOGD + +/* Debug */ +#ifdef SECURITY_SERVER_DEBUG_TO_CONSOLE /* debug msg will be printed in console */ +#define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] "FMT"\n", \ + __FILE__, __LINE__, ##ARG) +#define SEC_SVR_WRN(FMT, ARG ...) fprintf(stderr, "[WRN:%s:%d] "FMT"\n", \ + __FILE__, __LINE__, ##ARG) +#define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] "FMT"\n", \ + __FILE__, __LINE__, ##ARG) + +#else #define SEC_SVR_ERR LOGE +#if SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */ +#define SEC_SVR_DBG SLOGD +#define SEC_SVR_WRN LOGW #else /* No debug output */ -#define SEC_SVR_DBG(FMT, ARG ...) {} -#endif + +#define SEC_SVR_DBG(FMT, ARG ...) do { } while(0) +#define SEC_SVR_WRN(FMT, ARG ...) do { } while(0) +#undef SECURE_LOGD +#define SECURE_LOGD(FMT, ARG ...) do { } while(0) +#undef SECURE_LOGW +#define SECURE_LOGW(FMT, ARG ...) do { } while(0) + +#endif // SECURITY_SERVER_DEBUG_DLOG +#endif // SECURITY_SERVER_DEBUG_TO_CONSOLE #endif diff --git a/src/server/security-server-cookie.c b/src/server/security-server-cookie.c index 14248b4..3ae10ec 100644 --- a/src/server/security-server-cookie.c +++ b/src/server/security-server-cookie.c @@ -286,7 +286,7 @@ cookie_list *search_cookie_new(const cookie_list *c_list, if (ret > 0) SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); else - SECURE_LOGE("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); + SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); if (ret == 1) { diff --git a/src/server/security-server-main.c b/src/server/security-server-main.c index 594d6a8..c417de7 100644 --- a/src/server/security-server-main.c +++ b/src/server/security-server-main.c @@ -202,10 +202,9 @@ int authorize_SS_API_caller_socket(int sockfd, char *required_API_label, char *r //some log in SMACK format if (retval > 0) - SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); + SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); else - SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); - + SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); end: if (path != NULL) free(path); @@ -637,7 +636,7 @@ int process_check_privilege_request(int sockfd) else { /* It's not exist */ - SEC_SVR_ERR("Could not find the cookie with %d privilege", requested_privilege); + SEC_SVR_WRN("Could not find the cookie with %d privilege", requested_privilege); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE, SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED); @@ -709,7 +708,7 @@ int process_check_privilege_new_request(int sockfd) else { /* It's not exist */ - SEC_SVR_ERR("Could not find the cookie with %s rights", access_rights); + SEC_SVR_WRN("Could not find the cookie with %s rights", access_rights); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE, SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED); @@ -795,7 +794,6 @@ int process_object_name_request(int sockfd) { SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval); } - error: return retval; } @@ -818,7 +816,6 @@ int process_gid_request(int sockfd, int msg_len) } goto error; } - if (msg_len >= SECURITY_SERVER_MAX_OBJ_NAME) { /* Too big ojbect name */ @@ -1124,7 +1121,7 @@ int process_pid_privilege_check(int sockfd, int datasize) if (retval > 0) SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); else - SECURE_LOGE("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); + SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); if (path != NULL) free(path); @@ -1414,7 +1411,7 @@ int client_has_access(int sockfd, const char *object) } if (SECURITY_SERVER_SUCCESS == authenticate_client_application(sockfd, &pid, &uid)) - SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d", + SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d", pid, label, object, ret); free(label);