Searched refs:audit (Results 1 – 22 of 22) sorted by relevance
| /system/core/logd/ |
| D | README.auditd | 3 The audit daemon is a simplified version of its desktop
4 counterpart designed to gather the audit logs from the
5 audit kernel subsystem. The audit subsystem of the kernel
8 To enable the audit subsystem, you must add this to your
|
| D | LogAudit.cpp | 419 char* audit = strstr(buf, " audit("); in log() local
420 if (!audit || (audit >= &buf[len])) { in log()
424 *audit = '\0'; in log()
429 rc = logPrint("%s %s", type, audit + 1); in log()
431 rc = logPrint("%s", audit + 1); in log()
433 *audit = ' '; in log()
|
| D | README.property | 4 ro.logd.auditd bool true Enable selinux audit daemon
5 ro.logd.auditd.dmesg bool true selinux audit messages sent to dmesg.
6 ro.logd.auditd.main bool true selinux audit messages sent to main.
7 ro.logd.auditd.events bool true selinux audit messages sent to events.
|
| /system/sepolicy/vendor/ |
| D | hal_wifi_supplicant_default.te | 23 # Write to security logs for audit.
|
| /system/sepolicy/private/ |
| D | dexoptanalyzer.te | 25 # "dontaudit...audit_access" policy line to suppress the audit access without
|
| /system/sepolicy/prebuilts/api/27.0/private/ |
| D | dexoptanalyzer.te | 25 # "dontaudit...audit_access" policy line to suppress the audit access without
|
| /system/sepolicy/prebuilts/api/28.0/private/ |
| D | dexoptanalyzer.te | 25 # "dontaudit...audit_access" policy line to suppress the audit access without
|
| /system/sepolicy/prebuilts/api/26.0/public/ |
| D | crash_dump.te | 13 # which will result in an audit log even when it's allowed to trace.
|
| D | init.te | 336 # Send an SELinux userspace denial to the kernel audit subsystem,
|
| /system/sepolicy/prebuilts/api/27.0/public/ |
| D | crash_dump.te | 13 # which will result in an audit log even when it's allowed to trace.
|
| D | init.te | 341 # Send an SELinux userspace denial to the kernel audit subsystem,
|
| /system/sepolicy/prebuilts/api/28.0/public/ |
| D | crash_dump.te | 13 # which will result in an audit log even when it's allowed to trace.
|
| D | property.te | 141 # Don't audit legacy ctl. property handling. We only want the newer permission check to appear
142 # in the audit log
|
| D | init.te | 412 # Send an SELinux userspace denial to the kernel audit subsystem,
|
| /system/sepolicy/public/ |
| D | crash_dump.te | 13 # which will result in an audit log even when it's allowed to trace.
|
| D | property.te | 141 # Don't audit legacy ctl. property handling. We only want the newer permission check to appear
142 # in the audit log
|
| D | init.te | 412 # Send an SELinux userspace denial to the kernel audit subsystem,
|
| /system/sepolicy/tools/sepolicy-analyze/ |
| D | README | 18 conditional rules, audit-related rules (auditallow or dontaudit),
|
| /system/tpm/trunks/generator/ |
| D | raw_commands.txt | 1037 audit will follow the handles used for authorization.
1356 authorization sessions, or the audit session, or a session may be added for the single
1360 authorization sessions, or the audit session if present, ora session may be added for the
1695 audit data and will return a 10-octet response packet.
1724 Additionally, if the command is being audited by Command Audit, the audit digest is updated with the
2042 audit and session contexts will be updated if the command response is TPM_RC_SUCCESS; and
2649 // Restore/Initialize command audit information
2724 the command audit digest and count.
3617 the session is not an audit session; and
11810 authorization or audit of this command requires computation of a cpHash and an rpHash, the Name
[all …]
|
| D | raw_commands_fixed.txt | 1037 audit will follow the handles used for authorization.
1356 authorization sessions, or the audit session, or a session may be added for the single
1360 authorization sessions, or the audit session if present, ora session may be added for the
1695 audit data and will return a 10-octet response packet.
1724 Additionally, if the command is being audited by Command Audit, the audit digest is updated with the
2042 audit and session contexts will be updated if the command response is TPM_RC_SUCCESS; and
2649 // Restore/Initialize command audit information
2724 the command audit digest and count.
3617 the session is not an audit session; and
11821 authorization or audit of this command requires computation of a cpHash and an rpHash, the Name
[all …]
|
| D | raw_structures.txt | 4748 command failed because audit sequence required
6847 the high-order 32 bits of the command audit counter
6853 the low-order 32 bits of the command audit counter
8703 indicates that the session is exclusive. This setting is only allowed if the audit
8705 CLEAR (0): If audit is CLEAR, then this field is reserved but the error is
8713 SET (1): In a command, this setting indicates that the audit digest of the session
8715 CLEAR (0): If audit is CLEAR, then this field is reserved but the error is
8786 SET (1): In a command or response, this setting indicates that the session is for audit
8790 CLEAR (0): Session is not used for audit.
8792 audit
[all …]
|
| D | raw_structures_fixed.txt | 4742 command failed because audit sequence required
6872 the high-order 32 bits of the command audit counter
6878 the low-order 32 bits of the command audit counter
8731 indicates that the session is exclusive. This setting is only allowed if the audit
8733 CLEAR (0): If audit is CLEAR, then this field is reserved but the error is
8741 SET (1): In a command, this setting indicates that the audit digest of the session
8743 CLEAR (0): If audit is CLEAR, then this field is reserved but the error is
8814 SET (1): In a command or response, this setting indicates that the session is for audit
8818 CLEAR (0): Session is not used for audit.
8820 audit
[all …]
|