Change-Id: I82f39aae8264707bdc8eae9e32cfbf650545a0fa --- auditd/auditd.c | 8 ++++++++ auditd/libaudit.c | 25 +++++++++++++++++++++++++ auditd/libaudit.h | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+)
diff --git a/auditd/auditd.c b/auditd/auditd.c
index 6a4ecae..beaff51 100644
--- a/auditd/auditd.c
+++ b/auditd/auditd.c
@@ -19,6 +19,7 @@
 #define LOG_TAG "auditd"
 #include <stdio.h>
+#include <stdbool.h>
 #include <stdlib.h>
 #include <errno.h>
@@ -188,6 +189,13 @@ int main(int argc, char *argv[])
 goto err;
 }
+ if (audit_set_cmdline_output(audit_fd, false, WAIT_NO) < 0) {
+ rc = errno;
+ SLOGE("Failed on audit_set_cmdline_feature with error: %s", strerror(errno));
+ goto err;
+ }
+
+
+
 pfds.fd = audit_fd;
 pfds.events = POLLIN;
diff --git a/auditd/libaudit.c b/auditd/libaudit.c
index 06e5557..2771d92 100644
--- a/auditd/libaudit.c
+++ b/auditd/libaudit.c
@@ -220,6 +220,31 @@ out:
 return rc;
 }
+int audit_set_cmdline_output(int fd, bool val, rep_wait_t wmode)
+{
+ int rc;
+ struct audit_reply rep;
+ struct audit_features features;
+
+ memset(&features, 0, sizeof(features));
+
+ features.vers = 1;
+ features.mask = AUDIT_FEATURE_TO_MASK(AUDIT_FEATURE_CMDLINE_OUTPUT);
+ features.features |= (val == true) << AUDIT_FEATURE_CMDLINE_OUTPUT;
+
+ rc = audit_send(fd, AUDIT_SET_FEATURE, &features, sizeof(features));
+ if (rc < 0) {
+ SLOGE("Could net set cmdline output for audit events, error: %s", strerror(-rc));
+ return rc;
+ }
+
+ if (wmode != WAIT_NO) {
+ audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ }
+
+ return 0;
+}
+
 int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
 {
 int rc;
diff --git a/auditd/libaudit.h b/auditd/libaudit.h
index fbaa7b9..7fc8138 100644
--- a/auditd/libaudit.h
+++ b/auditd/libaudit.h
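Review bot: The new error branch in main() reads `errno` after `audit_set_cmdline_output()` fails, but the function added in libaudit.c reports failure through a negative return value and calls SLOGE before returning, so `errno` is not guaranteed to hold the cause when `rc = errno` runs. Keep the return value instead, `rc = audit_set_cmdline_output(audit_fd, false, WAIT_NO);` then `if (rc < 0) {`, and log `strerror(-rc)`; whether the `err:` path expects a positive or negative `rc` lies outside this hunk and should be checked. The log text names `audit_set_cmdline_feature`, which is not the function being called. Because `false` switches command-line output off and so reduces what each audit record carries, a short comment such as `/* cmdline output disabled: <reason> */` above the call would record that this is deliberate. main() starts and ends outside the hunk.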
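Review bot: `audit_set_cmdline_output()` returns 0 as soon as `audit_send()` succeeds, so a rejection by the kernel is never reported: with `WAIT_NO` no reply is read at all, and in the other branch the result of `audit_get_reply()` and the contents of `rep` are discarded. A caller such as auditd can therefore carry on believing the feature was applied when it was not; consider `rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);` followed by `if (rc < 0) return rc;`, assuming that function uses the same negative-errno convention (its body is not in this diff). `features.vers = 1;` should use `AUDIT_FEATURE_VERSION` from libaudit.h so the two cannot drift apart. The log string has a typo, `"Could net set"` for `"Could not set"`.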
@@ -22,11 +22,30 @@
 #include <stdint.h>
 #include <sys/socket.h>
 #include <sys/types.h>
+#include <stdbool.h>
 #include <linux/netlink.h>
 #include <linux/audit.h>
 #define MAX_AUDIT_MESSAGE_LENGTH 8970
+#define AUDIT_SET_FEATURE 1018
+#define AUDIT_GET_FEATURE 1019
+#define AUDIT_FEATURE_CHANGE 1020
+
+struct audit_features {
+#define AUDIT_FEATURE_VERSION 1
+ __u32 vers;
+ __u32 mask;
+ __u32 features;
+ __u32 lock;
+};
+
+#define AUDIT_FEATURE_CMDLINE_OUTPUT 0
+#define AUDIT_LAST_FEATURE AUDIT_FEATURE_CMDLINE_OUTPUT
+
+#define audit_feature_valid(x) ((x) >= 0 && (x) <= AUDIT_LAST_FEATURE)
+#define AUDIT_FEATURE_TO_MASK(x) (1 << ((x) & 31))
+
 typedef enum {
 GET_REPLY_BLOCKING=0,
 GET_REPLY_NONBLOCKING
@@ -108,4 +127,18 @@ extern int audit_get_reply(int fd, struct audit_reply *rep, reply_t block,
 */
 extern int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode);
+/**
+ * Turns on (true) or off (false) the cmdline autput of the audit records.
+ * @param fd
+ * The fd returned by a call to audit_open()
+ * @param val
+ * True for on, flase for off.
+ * @param wmode
+ * Whether or not to block on the underlying socket io calls.
+ * @return
+ * This function returns 0 on success, -errno on error.
+ */
+extern int audit_set_cmdline_output(int fd, bool val, rep_wait_t wmode);
+
+
 #endif
--
1.7.9.5
--
This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
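Review bot: The block added after `#include <linux/audit.h>` hard-codes `AUDIT_FEATURE_CMDLINE_OUTPUT` as bit 0 and defines `struct audit_features` unconditionally, so the request only means what is intended on a kernel that carries the matching cmdline patch. In the mainline UAPI header bit 0 is `AUDIT_FEATURE_ONLY_UNSET_LOGINUID`, so against such a kernel `AUDIT_SET_FEATURE` with this mask would change a login-UID policy bit instead; a comment naming the kernel change this depends on belongs above the defines. If the toolchain's `<linux/audit.h>` already declares the feature API, the struct is a redefinition and the build fails, which wrapping the block in `#ifndef AUDIT_SET_FEATURE` would avoid. `AUDIT_FEATURE_TO_MASK` should shift an unsigned one, `(1U << ((x) & 31))`, because `1 << 31` overflows a signed int.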
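Review bot: The doc comment for `audit_set_cmdline_output()` says `wmode` decides whether to block on the socket, but the implementation added in libaudit.c always passes `GET_REPLY_NONBLOCKING` and uses `wmode` only to decide whether a reply is read at all. Reword that line to something like `Whether to read the kernel's reply after sending the request.` and state under `@return` that 0 means the request was sent, not that the kernel accepted it. The comment also has two typos, `autput` and `flase`.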