On 06/18/2014 02:58 PM, Ruowen Wang wrote: > Hi all, > > Looks like the auditd daemon has been removed in seandroid-4.4.3 branch. > Is it because of some security issues of the auditd? Because we have a > large number of denials to analyze, we previously increased the size of > audit.log. I don't know if there is a way to add auditd back, or some > other ways maybe increase the buffer size of dmesg?
I dropped it because AOSP master has integrated audit support into logd (avc messages now available in logcat output there) and therefore auditd has no long term future as a separate service. adb shell su 0 cat /proc/kmsg > dmesg.txt & is what we commonly use to collect denials on 4.4.3 and earlier. Then you don't have to worry about rollover of the kernel ring buffer as they will all be saved to a file on the host. Or if you want to capture them all across multiple reboots (as during a CTS run), you can do something like this: while (true) do adb shell su 0 cat /proc/kmsg >> dmesg.txt adb wait-for-device done _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
