On 04/01/2013 04:32 PM, Persaud, Ryan K. wrote:
> Stephen, thanks for the detailed explanation. You mentioned in the past that more detailed denial logging can be enabled by compiling the kernel with CONFIG_AUDITSYSCALL. I was able to find a patch (https://github.iu.edu/nhusted/AuditdAndroid/blob/master/patches/android-kernel-goldfish-2.6.29-audit.patch) to enable this auditing for the goldfish kernel that I was using with the emulator. However, I have not been able to find a similar patch for grouper. Do you know if such a patch exists?

I don't know offhand of a backport to that kernel, but the AUDITSYSCALL support for ARM was mainstreamed circa Linux 3.3 (with further fixes since that time). So the 3.4-based kernels, including the newer goldfish 3.4 and manta 3.4 kernels, already include the necessary support for it. I have a small patch to the exynos kernel that further enables collection of pathnames by default, as that is normally disabled unless you have syscall audit filters defined.
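
Added example, not part of the original thread: on a kernel built with CONFIG_AUDITSYSCALL, an AVC denial shares its audit event id with SYSCALL and PATH records, and joining them recovers the full pathname and calling executable that the AVC line alone lacks. The log records are constructed in the standard Linux audit format, and the function names `correlate` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in standard Linux audit format (not from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1364848320.123:42): avc:  denied  { read } for  pid=1234 comm="app_process" name="foo.db" dev="mmcblk0p9" ino=5678 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=SYSCALL msg=audit(1364848320.123:42): arch=40000028 syscall=5 success=no exit=-13 pid=1234 comm="app_process" exe="/system/bin/app_process"
type=PATH msg=audit(1364848320.123:42): item=0 name="/data/system/foo.db" inode=5678 dev=b3:09 mode=0100600
type=AVC msg=audit(1364848321.456:43): avc:  denied  { write } for  pid=1300 comm="sh" name="bar" dev="mmcblk0p9" ino=99 scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=file
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')

def correlate(log_text):
    """Group records by audit event id (timestamp:serial), then by record type."""
    events = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        fields['_body'] = body
        events[event_id][rtype].append(fields)
    return events

def summarize(log_text):
    """One entry per AVC denial, enriched with SYSCALL/PATH data when present."""
    out = []
    for event_id, recs in correlate(log_text).items():
        syscall = recs['SYSCALL'][0] if recs['SYSCALL'] else {}
        for avc in recs['AVC']:
            perms = PERMS.search(avc['_body'])
            if not perms:  # skip "granted" records
                continue
            out.append({
                'event': event_id,
                'perms': perms.group(1).split(),
                'scontext': avc.get('scontext'),
                'tcontext': avc.get('tcontext'),
                'tclass': avc.get('tclass'),
                'name': avc.get('name'),  # AVC carries the last path component only
                'syscall': syscall.get('syscall'),
                'exe': syscall.get('exe'),
                'paths': [p['name'] for p in recs['PATH'] if 'name' in p],
            })
    return out
```

The second constructed denial has no companion records, so its entry comes back with an empty `paths` list and no `exe`, which is what an AVC-only log looks like.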
