Logd (Android L)
Logd (Android L)
Android L defines a new, much needed logging mechanism with its logd daemon. This
daemon serves as a centralized user-mode logger, as opposed to the traditional Android's
/dev/log/ files, implemented in kernel ring buffers. This not only addresses the main shortcomings of
the ring buffers - their small size and resident memory requirements, but also allows logd to
integrate with SELinux auditing, by registering itself as the auditd, which receives the SELinux
messages from the kernel (via netlink), and records them in the system log.
Another important new feature provided by logd is log pruning, which allows the automatic
clearing or retaining of log records from specific UID. This aims to solve the problem of logs being
flooded with messages from overly-verbose processes, which make it harder to separate the wheat
from the chaff. logd allows for white lists (UIDs or PIDs whose messages will be retained for
longer) and ~blacklists (UIDs or PIDs whose messages will be quickly pruned), using the new -P
switch of logcat.
Note this service is designed with not one, but four sockets:
The logd spawns listener threads over its sockets, as well as threads for clients (spawned on
demand). The threads are individually named (using prctl(2)) so you can see them for yourself in
logd's /proc/$pid/task/ when logd is running.
As with the traditional logs, logd recognizes the log buffers of main, radio, events, and system,
along with a new log - crash - added in L. These logs are identified by their "log ids" (lids),
numbered 0 through 5, respectively.
The logd recognizes several system properties, all in the logd namespace, which toggle its
behavior. Those are well documented in the README.property file in logd's directory, shown here for
convenience:
Clients can connect to /dev/socket/logd to control logd with an array of protocol commands.
Commonly, the client doing so is the logcat command, which has been modified to use the socket,
rather than the legacy ioctl(2) codes over /dev/log. The commands are shown in Table 4-9:
The commands in gray require the caller to possess log credentials - be root, possess a primary
GID of root, system, or log, or a secondary GID of log. To verify the last case the code of logd uses
a crude method, of parsing the caller's /proc/pid/status and sifting through its "Groups:" line.
d(tag, msg) e(tag, msg) i(tag, msg) v(tag, msg) w(tag, msg)
priority=DEBUG priority=ERROR priority=INFO priority=VERBOSE priority=WARN
liblog
__android_log_buf_write(bufID, priority, tag, msg)
/dev/socket/logdw
The familiar logcat command in L still sports the same command-line arguments it has in the
past. Its underlying implementation, however, has rewritten to use logd through an updated
liblog API. Clients such as logcat can connect to the logd reader socket (/dev/socket/logdr), and
instruct the LogReader instance of logd to provide the log by writing parameters to it, as shown
in the following table:
Table 4-logdr: Parameters recognized by logd over the reader socket
Parameter Provides
lids=value Log IDs
start=value Start time from log to dump (default is EPOCH, start of log)
tail=value Number of lines from log to dump (as per tail(1) command)
pid=value Filter by PID originator of log messages
dumpAndClose Tells reader thread to exit when log dumping is done
Log records are serialized into a logger_entry_v3 structures before being passed to the
reader over the socket. The structure format is shown in the following figure:
Putting all the above together, we can now observe logd in action, through the logcat
command, as shown in the following experiment:
# Tracing logcat during an adb logcat operation shows messages are received
# from file descriptor 3, and sent to file descriptor 1 (stdout)
Sifting through logd's thread to find and trace the logd.reader.per thread instance will
show you the logging from the perspective of logd, and is left as an exercise for the reader.
Note: This file is a sample chapter from the full book - "Android Internals: A confectioner's
cookbook" - which can be found on http://NewAndroidBook.com/. The chapter was made
available for free as a preview of the book (think of it like Amazon's "Look Inside" :-). I
encourage you to check out Technologeeks.com Android Internals training, which builds
on the book and expands it further with Instructor Led Training.
Note some links (to other chapters in the book) will not work in this file (since it is partial),
but external links will. Feedback, questions and requests are always welcome.