Will, my sincere apologies, I was unaware Google had written one up ( I've only ever been looking at Jellybean's external directory these days). Where's the code for your audit port hanging out? I'm really glad to see someone took the time and did it right. Thanks!

Cheers,
Nathaniel

On Tue, Jun 18, 2013 at 4:09 PM, William Roberts <bill.c.roberts@gmail.com> wrote:
Nathan,

The "robust port that Google has" was done by me, so we can always use that :-P The newest features that i back-ported from the upstream kernel were for a separate feature need that came about when I was at Samsung, which was the need to send the kernel messages to both kmsg and a userspace auditd. Eric created a patch for a more generic feature setting and retrieval implementation on the kernel side, that I rebased my kernel patch for the "always send to kmsg feature" onto. They were tested on the desktop, seemed to be fine. I just haven't had the time to get back to the Android port to test it; likely it will be fine. I just wanted to keep Eric/community abreast of my porting activity.

FYI I saw your port early on, the reason I wrote one from scratch was due to the license issues.

Bill


On Tue, Jun 18, 2013 at 1:19 PM, Nathaniel Husted <nhusted@gmail.com> wrote:
If you'd like to test your patch out I have a userland fork of audit you can use (https://github.com/nwhusted/AuditdAndroid). For various reasons we gutted the networking implementation in userland and shoved audisp's AF_Unix plugin where auditd's networking should be (don't ask). Only auditd and auditctl will compile (the other programs have certain GNU/libc stuff that I didn't write bridge-code for), but that should be more then enough to run through some logging on Android.

At some point I'll have time to go back and make a robust port of audit as Google has started (hopefully) getting there stuff together and turning bionic from a piece of junk into something usable.

Cheers,
Nathaniel

On Mon, Jun 17, 2013 at 10:08 AM, William Roberts <bill.c.roberts@gmail.com> wrote:
So I ported the initial "audit: implement generic feature setting and retrieving" to Android as well as rebased my patch ontop. Since I didn't author the original patch, I just wanted to keep you abreast of where it was going.

https://android-review.googlesource.com/#/c/60880/

--
Respectfully,

William C Roberts


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit




--
Respectfully,

William C Roberts