From 29d238d2a8e12c131a4cfbccb912e525cca6b10d Mon Sep 17 00:00:00 2001 From: William Roberts Date: Fri, 8 Feb 2013 09:45:26 +0900 Subject: logd: selinux auditd initial commit Initial commit for an audit daemon that writes kernel audit messages to the Android logger. The daemon searches dmesg for all lines that contain "audit" and writes them. Then receiving the messages from the netlink socket. It also formats the messages so they are compatable with ausearch (type= format) Modified: Mark Salyzyn - do not start auditd - merge into logd, stripping unnecessary file logging. - Convert headers and code to support C++ - Fix bugs in libaudit - squash timestamp (replace with 0.0) due to duplication - squash pid due to duplication - squash comm due to duplication Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe --- logd/main.cpp | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'logd/main.cpp') diff --git a/logd/main.cpp b/logd/main.cpp index 8792d32..83ec6c0 100644 --- a/logd/main.cpp +++ b/logd/main.cpp @@ -34,6 +34,7 @@ #include "CommandListener.h" #include "LogBuffer.h" #include "LogListener.h" +#include "LogAudit.h" static int drop_privs() { struct sched_param param; @@ -63,7 +64,10 @@ static int drop_privs() { capheader.pid = 0; capdata[CAP_TO_INDEX(CAP_SYSLOG)].permitted = CAP_TO_MASK(CAP_SYSLOG); - capdata[CAP_TO_INDEX(CAP_SYSLOG)].effective = CAP_TO_MASK(CAP_SYSLOG); + capdata[CAP_TO_INDEX(CAP_AUDIT_CONTROL)].permitted |= CAP_TO_MASK(CAP_AUDIT_CONTROL); + + capdata[0].effective = capdata[0].permitted; + capdata[1].effective = capdata[1].permitted; capdata[0].inheritable = 0; capdata[1].inheritable = 0; @@ -127,6 +131,16 @@ int main() { exit(1); } + // LogAudit listens on NETLINK_AUDIT socket for selinux + // initiated log messages. New log entries are added to LogBuffer + // and LogReader is notified to send updates to connected clients. + + // failure is an option ... messages are in dmesg (required by standard) + LogAudit *al = new LogAudit(logBuf, reader); + if (al->startListener()) { + delete al; + } + pause(); exit(0); } -- cgit v1.1