Thank you for your advice. Yes. I patched auditd to my kernel referring http://selinuxproject.org/page/NB_SEforAndroid_1#auditd_Daemon
I am finding writing logs to both sides (/data/misc/audit and kernel log) but it is not easy to find the way. Thank you Best regards 2013/11/9 Joshua Brindle <[email protected]> > Jaejyn Shin wrote: > >> I apply auditd to my android, and the violation logs are written in the >> /data/misc/audit directory successfully. >> But the logs are not written in the kernel log if I use the auditd . >> I want to write logs in the both of paths, kernel log and /data/misc/audit >> Is it possible? >> > > If you patch your kernel, perhaps. > > On Linux, in general, once something connects to the audit netlink socket > certain logs stop going to the kernel ring buffer and only go to auditd. > >
