On Wed, Jun 17, 2015 at 5:28 PM, Jaejyn Shin <[email protected]> wrote:
> Dear SEAndroid developers
>
> I see the below comments in Dan Walsh's blog.
>
> (https://danwalsh.livejournal.com/34903.html)
>
> -----------------------------------------------------------------------------------------------
> # echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules
> # service auditd restart
>
> These commands will turn on full auditing mode on your system.
> In this mode the kernel adds the *PATH* record to the AVC message:
>
> -----------------------------------------------------------------------------------------------
>
> Is there a way to turn on full auditing mode in Android?
>

Full support like the desktop is not available. However, you can enable it. The easiest way is to enable CONFIG_AUDIT_SYSCALL in your kernel config and patch your kernel (so it thinks it has rules loaded) and it will dump everything via the audit subsystem (which is either printk or being routed to logd).

See these patches for the kernel patches:
https://bitbucket.org/seandroid/kernel-exynos/branch/seandroid-exynos-manta-3.4-jb-mr1?dest=android-exynos-manta-3.4-jb-mr1

You will want:
https://bitbucket.org/seandroid/kernel-exynos/commits/9a134f7009b37815689e39e8a61f9f7a56c60190?at=android-exynos-manta-3.4-jb-mr1

You may want:
https://bitbucket.org/seandroid/kernel-exynos/commits/60579ef395e5976772ee966766cc27127bd42d24?at=android-exynos-manta-3.4-jb-mr1

The audit ratelimit can cause messages to get missed if a bunch of stuff happens. If you're on a new device and it's spewing logs, you may want to apply this to get them all and then revert when you're done.

If you want to be able to load rules from userspace, very limited support was introduced by Josh Brindle and was never mainlined.

Look at the auditd code (part of which was merged into logd):
https://bitbucket.org/seandroid/system-core/branch/seandroid-4.3

These patches are of interest:
https://bitbucket.org/seandroid/system-core/commits/210a2e87ad240fc612cc18ce5b40db7b78533950?at=master
https://bitbucket.org/seandroid/system-core/commits/ac8ff9a6dbca832125d9c349da91d8899127aea8?at=master

Additional history for the auditd functionality logd merge is here:
https://android-review.googlesource.com/#/c/89645/

Hope this helps.

Bill

>
> Thank you
> Best regards
>
> _______________________________________________
> Seandroid-list mailing list
> [email protected]
> To unsubscribe, send email to [email protected].
> To get help, send an email containing "help" to
> [email protected].
>

--
Respectfully,

William C Roberts
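Added example, not part of the original message or of the SEAndroid code: once syscall auditing is emitting PATH records as described above, each AVC denial can be joined to its full path through the shared `audit(timestamp:serial)` event id. The function names and the sample records are constructed for illustration; the parser assumes the kernel printk record layout with numeric types (1400 for AVC, 1302 for PATH).

```python
import re
# Kernel form "type=1400 audit(ts:serial): ..."; auditd's "type=AVC msg=audit(...)" also matches.
HEADER = re.compile(r'type=(\w+) (?:msg=)?audit\((\d+\.\d+):(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC, PATH = {"1400", "AVC"}, {"1302", "PATH"}  # AUDIT_AVC and AUDIT_PATH record types

def fields(body):
    """Parse key=value and key="quoted value" pairs into a dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(body)}

def correlate(lines):
    """Join each AVC denial with the PATH records that share its audit event id."""
    events = {}
    for m in filter(None, map(HEADER.search, lines)):  # non-audit lines are skipped
        rtype, ts, serial, body = m.groups()
        ev = events.setdefault((ts, serial), {"avc": [], "paths": []})
        if rtype in AVC and "denied" in body:
            ev["avc"].append(body)
        elif rtype in PATH:
            ev["paths"].append(fields(body).get("name"))
    report = []
    for (ts, serial), ev in events.items():
        for body in ev["avc"]:
            f = fields(body)
            perms = re.search(r'\{([^}]*)\}', body)
            report.append({
                "serial": int(serial), "comm": f.get("comm"), "tclass": f.get("tclass"),
                "perms": perms.group(1).split() if perms else [],
                "scontext": f.get("scontext"), "tcontext": f.get("tcontext"),
                # Without a PATH record only the last path component (name=) is known.
                "paths": ev["paths"] or [f.get("name")],
            })
    return report

# Constructed sample records (not captured from a real device).
SAMPLE = [
    '[ 81.20] type=1400 audit(1434583712.123:45): avc:  denied  { write } for  pid=2101 '
    'comm="example_app" name="packages.xml" dev="mmcblk0p9" ino=7342 '
    'scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file',
    '[ 81.20] type=1300 audit(1434583712.123:45): arch=40000028 syscall=322 success=no exit=-13',
    '[ 81.20] type=1302 audit(1434583712.123:45): item=0 name="/data/system/packages.xml" '
    'inode=7342 dev=b3:09 mode=0100660 obj=u:object_r:system_data_file:s0',
    '[ 93.77] type=1400 audit(1434583724.500:46): avc:  denied  { read } for  pid=2150 '
    'comm="example_svc" name="cache" dev="mmcblk0p9" ino=12 '
    'scontext=u:r:untrusted_app:s0 tcontext=u:object_r:cache_file:s0 tclass=dir',
]

if __name__ == "__main__":
    print(*correlate(SAMPLE), sep="\n")
```

The second sample denial has no PATH record, so only the bare `name=` component is reported for it, which is the situation on a kernel without syscall auditing enabled.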
