On 05/04/2015 01:24 PM, Datta, Souvik wrote: > Hi, > I have a requirement where an android service would receive a notification > from the kernel in case there is an AVC denial. Can some one please tell > whether SELinux provides such facility to pass this AVC denial notification > from kernel to user space. > I am wondering how this is handled in Fedora where we get a visual > notification in case there is a AVC denial.
In 5.0 and later, avc denials are received by the logd daemon via an audit netlink socket and then logged to both the kernel message buffer (visible via dmesg or cat /proc/kmsg) and to logcat (both to events and to main). 4.4.4 doesn't include logd. For a time we had an auditd daemon (contributed by Samsung) in our branches that was submitted to AOSP and ultimately used as the basis for the logd audit support, but that was never included in AOSP 4.4. You can certainly roll your own daemon or back-port logd or grab auditd from our branches. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
