29d238d2a8
Initial commit for an audit daemon that writes kernel audit messages to the Android logger. The daemon searches dmesg for all lines that contain "audit" and writes them. Then receiving the messages from the netlink socket. It also formats the messages so they are compatable with ausearch (type=<t> <m> format) Modified: Mark Salyzyn <salyzyn@google.com> - do not start auditd - merge into logd, stripping unnecessary file logging. - Convert headers and code to support C++ - Fix bugs in libaudit - squash timestamp (replace with 0.0) due to duplication - squash pid due to duplication - squash comm due to duplication Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe |
||
|---|---|---|
| .. | ||
| Android.mk | ||
| CommandListener.cpp | ||
| CommandListener.h | ||
| FlushCommand.cpp | ||
| FlushCommand.h | ||
| libaudit.c | ||
| libaudit.h | ||
| LogAudit.cpp | ||
| LogAudit.h | ||
| LogBuffer.cpp | ||
| LogBuffer.h | ||
| LogBufferElement.cpp | ||
| LogBufferElement.h | ||
| LogCommand.cpp | ||
| LogCommand.h | ||
| LogListener.cpp | ||
| LogListener.h | ||
| LogReader.cpp | ||
| LogReader.h | ||
| LogStatistics.cpp | ||
| LogStatistics.h | ||
| LogTimes.cpp | ||
| LogTimes.h | ||
| LogWhiteBlackList.cpp | ||
| LogWhiteBlackList.h | ||
| main.cpp | ||
| README.auditd | ||
Auditd Daemon The audit daemon is a simplified version of its desktop counterpart designed to gather the audit logs from the audit kernel subsystem. The audit subsystem of the kernel includes Linux Security Modules (LSM) messages as well. To enable the audit subsystem, you must add this to your kernel config: CONFIG_AUDIT=y To enable a LSM, you must consult that LSM's documentation, the example below is for SELinux: CONFIG_SECURITY_SELINUX=y This does not include possible dependencies that may need to be satisfied for that particular LSM.