Thank you so much for the detailed explanation! I will try it.

Thank you very much!
Have a nice day!

----
Looking forward to your reply
Best Regards!

Sincerely yours,

*Ruowen Wang*
Graduate Student
Department of Computer Science
North Carolina State University
E-mail: [email protected]

On Wed, Oct 9, 2013 at 9:13 AM, Stephen Smalley <[email protected]> wrote:

> On 10/09/2013 08:49 AM, Stephen Smalley wrote:
> > On 10/08/2013 11:21 PM, William Roberts wrote:
> >> You could change all occurrences of allow to auditallow. This will still let
> >> the action go through, but log it.
> >>
> >> You can use sed to make this change.
> >
> > Not quite right. auditallow doesn't allow anything; it merely enables
> > auditing of allowed permissions (i.e. granted messages). You still need
> > the allow rule to permit the action.
> >
> > Also, if you auditallow everything, you will likely DOS the system from
> > an audit flood.
> >
> > AFAIK, the only reason you don't see granted messages in audit.log on
> > Android is that we have no auditallow rules in our default policy for
> > Android. But you can certainly add them. But don't add them blindly;
> > only add them when you want to see every time a particular permission is
> > granted.
>
> Just to confirm, with the attached patch for external/sepolicy, I do get
> granted messages in audit.log:
> type=1400 msg=audit(1381323943.710:3): avc: granted { setenforce } for pid=1 comm="init" scontext=u:r:kernel:s0 tcontext=u:object_r:kernel:s0 tclass=security
> type=1400 msg=audit(1381323945.400:5): avc: granted { load_policy } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:object_r:kernel:s0 tclass=security
>
> This isn't overly useful however as these days the kernel already has
> explicit audit events defined for setting enforcing mode and loading
> policy, so you already get separate audit messages for those actions:
> type=1403 msg=audit(1381323943.710:2): policy loaded auid=4294967295 ses=4294967295
> type=1404 msg=audit(1381323943.710:4): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
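An added example, not part of the thread or of the attached patch: a small Python parser that picks the `avc: granted` records out of audit.log text and counts them per rule, so an `auditallow` rule that is flooding the log can be spotted and removed. The function names and the threshold parameter are assumptions for illustration; the sample input is the four records quoted in the thread, unwrapped to one per line.

```python
import re
from collections import Counter

# The four records quoted in the thread above, unwrapped to one per line.
SAMPLE = """\
type=1400 msg=audit(1381323943.710:3): avc: granted { setenforce } for pid=1 comm="init" scontext=u:r:kernel:s0 tcontext=u:object_r:kernel:s0 tclass=security
type=1400 msg=audit(1381323945.400:5): avc: granted { load_policy } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:object_r:kernel:s0 tclass=security
type=1403 msg=audit(1381323943.710:2): policy loaded auid=4294967295 ses=4294967295
type=1404 msg=audit(1381323943.710:4): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
"""

AVC = re.compile(
    r"type=1400 msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record (type=1400), or None for anything else."""
    m = AVC.search(line)
    if not m:
        return None  # e.g. the type=1403 / type=1404 records
    rec = {k: v.strip('"') for k, v in KV.findall(m["rest"])}
    rec.update(result=m["result"], perms=m["perms"].split(),
               ts=float(m["ts"]), serial=int(m["serial"]))
    return rec

def type_of(ctx):
    # A context is user:role:type:level; the type is the third field.
    return ctx.split(":")[2]

def granted_by_rule(text):
    """Count granted records per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "granted":
            for perm in rec["perms"]:
                counts[(type_of(rec["scontext"]), type_of(rec["tcontext"]),
                        rec["tclass"], perm)] += 1
    return counts

def noisy_rules(text, threshold):
    """Rules logged at least `threshold` times: auditallow candidates to drop."""
    return sorted(k for k, n in granted_by_rule(text).items() if n >= threshold)

if __name__ == "__main__":
    # Print each count next to the rule shape that would produce such records.
    for (src, tgt, cls, perm), n in sorted(granted_by_rule(SAMPLE).items()):
        print(f"{n:5d}  auditallow {src} {tgt}:{cls} {perm};")
```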
