I have seen that SELinux needs auditing support to be enabled. I want to know the difference between audit and audit2allow: can I just use audit2allow instead of audit? It seems that there is no audit support in the Android code, only audit2allow.

By audit, I mean the audit package at http://people.redhat.com/sgrubb/audit/.

roMoon

1 Answer

audit is a daemon which logs denied accesses (AVC) to /var/log/audit/audit.log.

audit2allow is a user tool to transfer an AVC log into an SELinux policy.

Examples:

  • show reason for denied access: cat audit.log | audit2why
  • create SELinux-Policy foo.pp: cat audit.log | audit2allow -M foo
admirableadmin
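
What the answer describes audit2allow doing with an AVC log, sketched as an added example (not code from the original post or from the audit2allow tool itself). The log lines are constructed, and the names `denials_to_rules` and `selinux_type` are hypothetical:

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the original page): two auditd-style
# AVC records, one kernel-log style AVC record, and one non-AVC record.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { open getattr } for  pid=1234 comm="httpd" path="/home/u/index.html" dev="sda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
[   12.345678] audit: type=1400 audit(1700000001.000:5): avc:  denied  { setattr } for  pid=77 comm="demo" scontext=u:r:demo_t:s0 tcontext=u:r:demo_t:s0 tclass=process permissive=0
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r"\b(scontext|tcontext|tclass)=(\S+)")

def selinux_type(context):
    """A context is user:role:type[:level]; return the type, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def denials_to_rules(log_text):
    """Return sorted 'allow' rules covering every AVC denial found in log_text."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # not an AVC denial (e.g. a SYSCALL record)
        fields = dict(FIELD_RE.findall(line))
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record
        src = selinux_type(fields["scontext"])
        tgt = selinux_type(fields["tcontext"])
        if src is None or tgt is None:
            continue
        if tgt == src:
            tgt = "self"  # policy language keyword for "same type as source"
        # Merge permissions of repeated denials on the same (source, target, class).
        perms_by_key[(src, tgt, fields["tclass"])].update(match.group(1).split())
    rules = []
    for (src, tgt, cls), perms in sorted(perms_by_key.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```

Each emitted rule grants exactly what was denied, so the output needs review before it is loaded as policy: a denial may reflect a mislabeled file or an unwanted access rather than a missing rule.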