Thank you for your quick and detailed explanation. I will check and try to apply them.

Thank you
Best regards

2015-06-18 10:10 GMT+09:00 William Roberts <[email protected]>:

> On Wed, Jun 17, 2015 at 5:28 PM, Jaejyn Shin <[email protected]> wrote:
>
>> Dear SEAndroid developers
>>
>> I see the below comments in the Dan Walsh's blog.
>>
>> (https://danwalsh.livejournal.com/34903.html)
>>
>> -----------------------------------------------------------------------------------------------
>> # echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules
>> # service auditd restart
>>
>> These commands will turn on full auditing mode on your system.
>> In this mode the kernel adds the *PATH* record to the AVC message:
>>
>> -----------------------------------------------------------------------------------------------
>>
>> Is there a way to turn on full auditing mode in the Android ?
>
> Full support like the desktop is not available. However, you can enable it.
> The easiest way is to enable CONFIG_AUDIT_SYSCALL in your kernel
> config and patch your kernel (so it thinks it has rules loaded) and it will
> dump everything via audit subsystem (which is either printk or being routed
> to logd). See these patches for the kernel patches
>
> https://bitbucket.org/seandroid/kernel-exynos/branch/seandroid-exynos-manta-3.4-jb-mr1?dest=android-exynos-manta-3.4-jb-mr1
>
> You will want:
>
> https://bitbucket.org/seandroid/kernel-exynos/commits/9a134f7009b37815689e39e8a61f9f7a56c60190?at=android-exynos-manta-3.4-jb-mr1
>
> You may want:
>
> https://bitbucket.org/seandroid/kernel-exynos/commits/60579ef395e5976772ee966766cc27127bd42d24?at=android-exynos-manta-3.4-jb-mr1
>
> The audit ratelimit can cause messages to get missed if a bunch of stuff
> happens, if you're on a new device and it's spewing logs, you may
> want to apply this to get them all and then revert when you're done.
>
> If you want to be able to load rules from userspace, very limited support
> was introduced by Josh Brindle and was never mainlined.
>
> Look at the auditdd code (part which was merged into logd)
> https://bitbucket.org/seandroid/system-core/branch/seandroid-4.3
>
> These patches are of interest:
>
> https://bitbucket.org/seandroid/system-core/commits/210a2e87ad240fc612cc18ce5b40db7b78533950?at=master
>
> https://bitbucket.org/seandroid/system-core/commits/ac8ff9a6dbca832125d9c349da91d8899127aea8?at=master
>
> Additional history for the auditd functionality logd merge is here:
> https://android-review.googlesource.com/#/c/89645/
>
> Hope this helps.
>
> Bill
>
>> Thank you
>> Best regards
>
> --
> Respectfully,
>
> William C Roberts

_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to [email protected].
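
The thread above concerns getting PATH records emitted alongside AVC messages once syscall auditing is active. As an added example (not code from the thread, the blog post or the SEAndroid patches), this Python sketch joins each AVC denial to the PATH records that share its `audit(timestamp:serial)` stamp. It assumes kernel-style records as they appear in printk output, with numeric types 1400 (AVC), 1300 (SYSCALL) and 1302 (PATH); the sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit output (all values are made up). Records
# that belong to one event share the same audit(timestamp:serial) stamp.
SAMPLE = """\
<5>[  101.2] type=1400 audit(1434589800.123:42): avc:  denied  { read } for  pid=1234 comm="cat" name="example.txt" dev="mmcblk0p9" ino=5678 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[  101.2] type=1300 audit(1434589800.123:42): arch=40000028 syscall=5 success=no exit=-13 pid=1234 comm="cat"
<5>[  101.2] type=1302 audit(1434589800.123:42): item=0 name="/data/local/tmp/example.txt" inode=5678 dev=b3:09
<5>[  102.6] type=1400 audit(1434589801.500:43): avc:  denied  { write } for  pid=99 comm="sh" name="foo" scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=file
"""

# Accepts both the printk form ("type=1400 audit(") and the auditd log
# form ("type=AVC msg=audit(").
RECORD = re.compile(r"type=(\w+) (?:msg=)?audit\((\d+\.\d+):(\d+)\): (.*)")
AVC_TYPES = {"1400", "AVC"}    # AUDIT_AVC
PATH_TYPES = {"1302", "PATH"}  # AUDIT_PATH


def field(body, key):
    """Return the value of key=value or key="value" in a record body."""
    m = re.search(r'\b%s=("[^"]*"|\S+)' % re.escape(key), body)
    return m.group(1).strip('"') if m else None


def denials_with_paths(text):
    """Join each AVC denial to the PATH records of the same audit event."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD.search(line)
        if m:
            rtype, ts, serial, body = m.groups()
            events[(ts, serial)].append((rtype, body))
    results = []
    for key in sorted(events, key=lambda k: (float(k[0]), int(k[1]))):
        paths = [field(b, "name") for t, b in events[key] if t in PATH_TYPES]
        for rtype, body in events[key]:
            if rtype in AVC_TYPES and "denied" in body:
                perms = re.search(r"\{ ([^}]*) \}", body)
                results.append({
                    "event": "%s:%s" % key,
                    "perms": perms.group(1).split() if perms else [],
                    "comm": field(body, "comm"),
                    "name": field(body, "name"),
                    "paths": paths,  # empty when no PATH record was emitted
                })
    return results


if __name__ == "__main__":
    for d in denials_with_paths(SAMPLE):
        print(d["event"], d["comm"], d["perms"], d["paths"] or "(no PATH record)")
```

A denial that comes back with an empty `paths` list only carries the final path component in its `name=` field, which is the situation the original question describes.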
