Jaejyn Shin wrote:
Hi SEAndroid A denial log is printed during Enforcing-mode but it is not printed during permissive-mode. To check it in detail, I inserted printk at the end of avc_audit function of avc.c. 551 audited = requested & avd->auditallow; 552 if (likely(!audited)) 553 return 0; 554 printk(KERN_ERR "jaejyn call slow_avc_audit\n"); //jaejyn.shin 555 return slow_avc_audit(ssid, tsid, tclass, 556 requested, audited, denied, 557 a, flags); 558 } The 554 line was also printed during Enforcing-mode but it is not printed during permissive-mode. The policies of Enforcing and Permissive are exactly same in the same image? Or is there any difference ? Thank you
Denials are only logged once in permissive mode, but logged every time in enforcing. Are you looking in dmesg or auditd? I've had problems on some Android devices because the kernel ring buffer is small and seems to roll by the time auditd starts, or I can get access to it via adb.
-- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
