On Fri, Sep 6, 2013 at 2:07 PM, Joshua Brindle <[email protected]>wrote:
> Stephen Smalley wrote: > >> On 09/06/2013 03:50 PM, Joshua Brindle wrote: >> >>> Add libaudit support for adding directory watch rules. >>> >>> Add rule parsing support to auditd. >>> >>> Rule format matches auditctl. Currently only supports -w and -e. >>> >>> Change-Id: I8bdaea1b5e2a216eec79cd8c9dae5**83de8295d26 >>> >>> Signed-off-by: Joshua >>> Brindle<brindle@quarksecurity.**com<[email protected]> >>> > >>> >> >> diff --git a/auditd/audit_log.c b/auditd/audit_log.c >>> index ef77a3f..fc50caf 100644 >>> --- a/auditd/audit_log.c >>> +++ b/auditd/audit_log.c >>> @@ -44,7 +44,7 @@ >>> /* Mode for fopen */ >>> #define AUDIT_LOG_FMODE "w+" >>> /* mode for fchmod*/ >>> -#define AUDIT_LOG_MODE (S_IRUSR | S_IWUSR | S_IRGRP) >>> +#define AUDIT_LOG_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) >>> /* flags for fcntl */ >>> #define AUDIT_LOG_FLAGS (O_RDWR | O_CREAT | O_SYNC) >>> >> >> Don't think you meant to include this. >> > > Fair enough. I'm thinking about having auditd broadcast audit entries so > that interested apps can collect them, but I'm not sure how amenable the > community is to that. > > I have thought about doing the same thing, I think I even put a todo about it in audit.c at one point. I would support it, just lock it with an android permission. > > > -- > This message was distributed to subscribers of the seandroid-list mailing > list. > If you no longer wish to subscribe, send mail to [email protected] > the words "unsubscribe seandroid-list" without quotes as the message. > -- Respectfully, William C Roberts
