/external/selinux/python/sepolgen/tests/test_data/ |
D | audit.log | 1 type=AVC msg=audit(1162850331.422:978): avc: denied { ioctl } for pid=6314 comm="pam_timestamp_c… 2 type=SYSCALL msg=audit(1162850331.422:978): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=54… 3 type=AVC_PATH msg=audit(1162850331.422:978): path="pipe:[96391]" 4 type=AVC msg=audit(1162850332.318:979): avc: denied { read } for pid=6306 comm="beagled" name=".… 5 type=SYSCALL msg=audit(1162850332.318:979): arch=40000003 syscall=33 success=yes exit=0 a0=bfdb2fde… 6 type=AVC msg=audit(1162850333.186:980): avc: denied { read } for pid=6306 comm="beagled" name="m… 7 type=SYSCALL msg=audit(1162850333.186:980): arch=40000003 syscall=5 success=yes exit=24 a0=11833c a… 8 type=AVC msg=audit(1162850335.022:981): avc: denied { read write } for pid=6336 comm="clock-appl… 9 type=SYSCALL msg=audit(1162850335.022:981): arch=40000003 syscall=5 success=yes exit=13 a0=9c0e840 … 10 type=AVC msg=audit(1162850335.022:982): avc: denied { lock } for pid=6336 comm="clock-applet" na… [all …]
|
D | httpd.log | 1 type=USER_AVC msg=audit(1163772866.369:8084): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 2 type=USER_AVC msg=audit(1163772866.437:8085): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 3 type=USER_AVC msg=audit(1163772866.449:8086): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 4 type=USER_AVC msg=audit(1163772866.449:8087): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 5 type=USER_AVC msg=audit(1163772866.449:8088): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 6 type=USER_AVC msg=audit(1163772866.453:8089): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 7 type=USER_AVC msg=audit(1163772866.453:8090): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 8 type=USER_AVC msg=audit(1163772866.453:8091): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 9 type=USER_AVC msg=audit(1163772866.453:8092): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… 10 type=USER_AVC msg=audit(1163772866.453:8093): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:st… [all …]
|
D | short.log | 1 type=AVC msg=audit(1162850331.422:978): avc: denied { ioctl } for pid=6314 comm="pam_timestamp_c… 2 type=SYSCALL msg=audit(1162850331.422:978): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=54… 3 type=AVC_PATH msg=audit(1162850331.422:978): path="pipe:[96391]" 4 type=AVC msg=audit(1162850332.318:979): avc: denied { read } for pid=6306 comm="beagled" name=".… 5 type=SYSCALL msg=audit(1162850332.318:979): arch=40000003 syscall=33 success=yes exit=0 a0=bfdb2fde… 6 type=AVC msg=audit(1162850333.186:980): avc: denied { read } for pid=6306 comm="beagled" name="m… 7 type=SYSCALL msg=audit(1162850333.186:980): arch=40000003 syscall=5 success=yes exit=24 a0=11833c a… 8 type=AVC msg=audit(1162850335.022:981): avc: denied { read write } for pid=6336 comm="clock-appl… 9 type=SYSCALL msg=audit(1162850335.022:981): arch=40000003 syscall=5 success=yes exit=13 a0=9c0e840 … 10 type=AVC msg=audit(1162850335.022:982): avc: denied { lock } for pid=6336 comm="clock-applet" na… [all …]
|
/external/selinux/python/sepolgen/tests/ |
D | audit.txt | 1 type=AVC msg=audit(1158584779.745:708): avc: denied { dac_read_search } for pid=8132 comm="sh" c… 2 type=SYSCALL msg=audit(1158584779.745:708): arch=40000003 syscall=195 success=no exit=-13 a0=80d243… 3 type=AVC msg=audit(1158584779.753:709): avc: denied { dac_override } for pid=8133 comm="vpnc-scr… 4 type=AVC msg=audit(1158584779.753:709): avc: denied { dac_read_search } for pid=8133 comm="vpnc-… 5 type=SYSCALL msg=audit(1158584779.753:709): arch=40000003 syscall=195 success=no exit=-13 a0=80d243… 6 type=AVC msg=audit(1158584779.825:710): avc: denied { dac_override } for pid=8134 comm="vpnc-scr… 7 type=AVC msg=audit(1158584779.825:710): avc: denied { dac_read_search } for pid=8134 comm="vpnc-… 8 type=SYSCALL msg=audit(1158584779.825:710): arch=40000003 syscall=195 success=no exit=-13 a0=80d243… 9 type=AVC msg=audit(1158584780.793:711): avc: denied { dac_override } for pid=8144 comm="sh" capa… 10 type=AVC msg=audit(1158584780.793:711): avc: denied { dac_read_search } for pid=8144 comm="sh" c… [all …]
|
D | test_audit.py | 21 import sepolgen.audit 73 avc = sepolgen.audit.AVCMessage(audit1) 82 avc = sepolgen.audit.AVCMessage(granted1) 102 avc = sepolgen.audit.AVCMessage(xperms1) 110 avc = sepolgen.audit.AVCMessage(xperms_invalid) 118 avc = sepolgen.audit.AVCMessage(xperms_without) 126 avc = sepolgen.audit.AVCMessage(audit1) 150 avc = sepolgen.audit.AVCMessage(audit2) 174 path = sepolgen.audit.PathMessage(path1) 186 a = sepolgen.audit.AuditParser() [all …]
|
/external/selinux/python/audit2allow/ |
D | test.log | 1 node=bill.example.com type=AVC_PATH msg=audit(1166045975.667:1128): path="/usr/lib/libGL.so.1.2" 2 type=AVC msg=audit(1166045975.667:1129): avc: denied { write } for comm=local dev=dm-0 name=root.lo… 3 …audit(1166111074.191:74): item=0 name="/etc/auto.net" inode=16483485 dev=fd:00 mode=0100755 ouid=0… 4 node=bob.example.com type=SYSCALL msg=audit(1166111074.191:74): arch=40000003 syscall=33 success=no… 5 node=bob.example.com type=AVC msg=audit(1166111074.191:74): avc: denied { execute } for pid=1394… 6 node=james.example.com type=SYSCALL msg=audit(1165963069.244:851): arch=40000003 syscall=102 succes… 7 node=james.example.com type=AVC msg=audit(1165963069.244:851): avc: denied { name_bind } for pid… 8 node=tom.example.com type=SYSCALL msg=audit(1165963069.244:852): arch=40000003 syscall=102 success=… 9 node=tom.example.com type=AVC msg=audit(1165963069.244:852): avc: denied { name_connect } for pi… 10 node=mary.example.com type=SYSCALL msg=audit(1166023021.373:910): arch=40000003 syscall=12 success=… [all …]
|
D | audit2allow | 25 import sepolgen.audit as audit namespace 99 if options.audit is True or options.boot: 131 parser = audit.AuditParser(last_load_only=self.__options.lastreload) 141 messages = audit.get_dmesg_msgs() 142 elif self.__options.audit: 144 messages = audit.get_audit_msgs() 150 messages = audit.get_audit_boot_msgs() 177 avcfilter = audit.AVCTypeFilter(self.__options.type) 179 csfilter = audit.ComputeSidTypeFilter(self.__options.type)
|
D | audit2why | 25 import sepolgen.audit as audit namespace 99 if options.audit is True or options.boot: 131 parser = audit.AuditParser(last_load_only=self.__options.lastreload) 141 messages = audit.get_dmesg_msgs() 142 elif self.__options.audit: 144 messages = audit.get_audit_msgs() 150 messages = audit.get_audit_boot_msgs() 177 avcfilter = audit.AVCTypeFilter(self.__options.type) 179 csfilter = audit.ComputeSidTypeFilter(self.__options.type)
|
/external/minijail/tools/ |
D | README.md | 23 ### Using linux audit logs to generate policy 33 syscalls via the [audit subsystem][1] (Redhat has a nice overview [here][2]) 36 The audit subsystem itself has a mechanism to log all syscalls. Though a 42 available in distro packages named `python3-audit` or `python-audit`. 44 #### Per-boot setup of audit rules on DUT 46 Set up `audit` rules and an empty seccomp policy for later use. This can be 51 As mentioned above, these extra audit rules enable `SYSCALL` auditing which 73 #### Generate policy using the audit.log 76 ./tools/generate_seccomp_policy.py --audit-comm $PROGRAM_NAME audit.log \ 80 Note that the tool can also consume multiple audit logs and/or strace traces to [all …]
|
/external/iptables/extensions/ |
D | libxt_AUDIT.txlate | 2 nft add rule ip filter INPUT counter log level audit 5 nft add rule ip filter INPUT counter log level audit 8 nft add rule ip filter INPUT counter log level audit
|
D | libxt_AUDIT.man | 1 This target creates audit records for packets hitting the target. 6 Set type of audit record. Starting with linux-4.12, this option has no effect 7 on generated audit messages anymore. It is still accepted by iptables for
|
/external/python/cpython3/Doc/library/ |
D | audit_events.rst | 3 .. index:: single: audit events 8 This table contains all events raised by :func:`sys.audit` or 21 .. audit-event-table::
|
D | winreg.rst | 56 .. audit-event:: winreg.ConnectRegistry computer_name,key winreg.ConnectRegistry 80 .. audit-event:: winreg.CreateKey key,sub_key,access winreg.CreateKey 82 .. audit-event:: winreg.OpenKey/result key winreg.CreateKey 112 .. audit-event:: winreg.CreateKey key,sub_key,access winreg.CreateKeyEx 114 .. audit-event:: winreg.OpenKey/result key winreg.CreateKeyEx 137 .. audit-event:: winreg.DeleteKey key,sub_key,access winreg.DeleteKey 173 .. audit-event:: winreg.DeleteKey key,sub_key,access winreg.DeleteKeyEx 190 .. audit-event:: winreg.DeleteValue key,value winreg.DeleteValue 206 .. audit-event:: winreg.EnumKey key,index winreg.EnumKey 241 .. audit-event:: winreg.EnumValue key,index winreg.EnumValue [all …]
|
D | syslog.rst | 34 .. audit-event:: syslog.syslog priority,message syslog.syslog 50 .. audit-event:: syslog.openlog ident,logoption,facility syslog.openlog 67 .. audit-event:: syslog.closelog "" syslog.closelog 79 .. audit-event:: syslog.setlogmask maskpri syslog.setlogmask
|
/external/selinux/python/sepolgen/ |
D | HACKING | 39 other access vectors - this forms the backbone of how we turn audit 56 Audit Messages (sepolgen.audit) 60 audit system. This is not a general purpose audit parsing library - it 68 deliberately only loosely coupled to the audit parsing to allow
|
/external/cpuinfo/test/dmesg/ |
D | nexus6p.log | 525 [ 0.748902] audit: initializing netlink socket (disabled) 526 [ 0.748972] type=2000 audit(0.743:1): initialized 1238 [ 3.836444] type=1403 audit(2924763.943:2): policy loaded auid=4294967295 ses=4294967295 1239 [ 3.836700] type=1404 audit(2924763.943:3): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294… 1256 [ 4.012791] type=1400 audit(2924764.120:4): avc: denied { mounton } for pid=1 comm="init" pat… 1416 [ 5.240844] type=1400 audit(2924765.336:5): avc: granted { setsched } for pid=409 comm="irq/449-… 1424 [ 5.311609] type=1400 audit(2924765.420:6): avc: granted { setsched } for pid=435 comm="irq/215-… 1436 [ 5.323039] type=1400 audit(2924765.430:7): avc: denied { unlink } for pid=1 comm="init" name="d… 1509 [ 5.524535] type=1400 audit(2924765.633:8): avc: granted { setsched } for pid=451 comm="mdss_fb0… 1560 [ 7.012521] type=1400 audit(2924767.120:9): avc: denied { getattr } for pid=497 comm="e2fsck" pa… [all …]
|
D | xiaomi-mi-5c.log | 299 [ 0.925849] audit: initializing netlink socket (disabled) 300 [ 0.925927] type=2000 audit(0.876:1): initialized 1066 [ 9.481406] type=1403 audit(946685273.930:2): policy loaded auid=4294967295 ses=4294967295 1067 [ 9.482678] type=1404 audit(946685273.930:3): enforcing=1 old_enforcing=0 auid=4294967295 ses=42… 1103 [ 10.096980] type=1400 audit(946685274.543:4): avc: denied { create } for pid=1 comm="init" na… 1193 [ 10.217450] type=1400 audit(946685274.663:5): avc: denied { getattr } for pid=214 comm="e2fsc… 1194 [ 10.217605] type=1400 audit(946685274.663:6): avc: denied { getattr } for pid=214 comm="e2fsc… 1195 [ 10.217686] type=1400 audit(946685274.666:7): avc: denied { read write } for pid=214 comm="e2… 1253 [ 10.495127] type=1400 audit(946685274.943:8): avc: denied { relabelto } for pid=1 comm="init" na… 1255 [ 10.497821] type=1400 audit(946685274.946:9): avc: denied { relabelto } for pid=1 comm="init" na… [all …]
|
D | moto-g-gen5.log | 9 [ 0.556278,2] audit: initializing netlink subsys (disabled) 10 [ 0.556319,2] audit: type=2000 audit(0.553:1): initialized 555 [ 1.714535,1] audit: type=1403 audit(1246455.586:2): policy loaded auid=4294967295 ses=4294967295 556 [ 1.714919,1] audit: type=1404 audit(1246455.586:3): enforcing=1 old_enforcing=0 auid=4294967295… 719 [ 8.235388,6] audit: type=1400 audit(1246462.106:4): avc: denied { mounton } for uid=0 pid=1 … 958 [ 11.306969,1] type=1400 audit(1246465.180:5): avc: denied { read write } for uid=1000 pid=551 co… 1109 [ 20.069037,1] type=1400 audit(1246473.940:6): avc: denied { read write } for uid=1000 pid=720 co… 1115 [ 20.088576,2] type=1400 audit(1246473.960:7): avc: denied { read write } for uid=0 pid=760 comm=… 1119 [ 20.223572,4] type=1400 audit(1485564691.269:8): avc: denied { read write } for uid=1000 pid=830… 1121 [ 20.252694,7] type=1400 audit(1485564691.296:9): avc: denied { read write } for uid=1000 pid=838… [all …]
|
D | nexus5x.log | 455 [ 0.656035] audit: initializing netlink socket (disabled) 456 [ 0.656090] type=2000 audit(0.650:1): initialized 942 [ 2.892043] type=1403 audit(3173073.560:2): policy loaded auid=4294967295 ses=4294967295 943 [ 2.892294] type=1404 audit(3173073.560:3): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294… 1089 [ 4.249950] type=1400 audit(3173074.920:4): avc: denied { write } for pid=1 comm="init" name=… 1191 [ 5.454409] type=1400 audit(3173076.080:5): avc: denied { write } for pid=391 comm="rmt_storage"… 1209 [ 5.621655] type=1400 audit(3173076.290:6): avc: denied { unlink } for pid=1 comm="init" name="d… 1390 [ 8.310258] type=1400 audit(3173078.976:7): avc: denied { read write } for pid=499 comm="imsqmid… 1391 [ 8.310885] type=1400 audit(3173078.980:8): avc: denied { read write } for pid=499 comm="imsqmid… 1392 [ 8.311030] type=1400 audit(3173078.980:9): avc: denied { read write } for pid=499 comm="imsqmid… [all …]
|
D | xiaomi-redmi-note-4.log | 305 [ 0.767438] audit: initializing netlink subsys (disabled) 306 [ 0.767482] audit: type=2000 audit(0.759:1): initialized 1040 [ 5.555599] audit: type=1403 audit(5264352.589:2): policy loaded auid=4294967295 ses=4294967295 1041 [ 5.556269] audit: type=1404 audit(5264352.589:3): enforcing=1 old_enforcing=0 auid=4294967295 s… 1068 [ 5.841366] audit: type=1400 audit(5264352.879:4): avc: denied { create } for pid=1 comm="ini… 1093 [ 6.317018] audit: type=1400 audit(5264353.349:5): avc: denied { create } for pid=1 comm="ini… 1135 [ 6.843866] audit: type=1400 audit(5264353.879:6): avc: denied { getattr } for pid=433 comm="… 1136 [ 6.843977] audit: type=1400 audit(5264353.879:7): avc: denied { getattr } for pid=433 comm="… 1137 [ 6.844048] audit: type=1400 audit(5264353.879:8): avc: denied { read write } for pid=433 com… 1185 [ 6.879517] audit: type=1400 audit(5264353.909:9): avc: denied { setattr } for pid=1 comm="in… [all …]
|
/external/python/cpython3/Lib/ |
D | webbrowser.py | 173 sys.audit("webbrowser.open", url) 193 sys.audit("webbrowser.open", url) 258 sys.audit("webbrowser.open", url) 359 sys.audit("webbrowser.open", url) 443 sys.audit("webbrowser.open", url) 601 sys.audit("webbrowser.open", url) 631 sys.audit("webbrowser.open", url)
|
D | shutil.py | 241 sys.audit("shutil.copyfile", src, dst) 297 sys.audit("shutil.copymode", src, dst) 350 sys.audit("shutil.copystat", src, dst) 554 sys.audit("shutil.copytree", src, dst) 693 sys.audit("shutil.rmtree", path) 790 sys.audit("shutil.move", src, dst) 1035 sys.audit("shutil.make_archive", base_name, format, root_dir, base_dir) 1221 sys.audit("shutil.unpack_archive", filename, extract_dir, format) 1290 sys.audit('shutil.chown', path, user, group)
|
/external/libcap/doc/values/ |
D | 30.txt | 1 Allows a process to configure audit logging via a
|
D | 37.txt | 1 Allows a process to read the audit log via a multicast
|
D | 29.txt | 1 Allows a process to write to the audit log via a
|