
AuditD on Android
Our goal is to port a minimal set of userland tools
Our objective is to transfer a minimal selection of userland tools from the GNU/Linux environment to the bionic/Linux environment of Android. We have removed most of the functionalities that are typically found in Linux software, including audisp, ausearch, and auparse.
The audit stream is not sent directly to an AF_UNIX socket
The audit stream is not sent directly to an AF_UNIX socket (/dev/audit) by the audit daemon (auditd). Although it may not be as elegant or robust as the Linux implementation, our objective is to provide access to the audit stream for Android applications while keeping overhead to a minimum. We chose to simplify the Audit system partly because bionic is significantly incompatible with GNU, but also because the smartphone platform should be treated differently than traditional server or desktop environments due to its resource and runtime limitations.
System Requirements for Setup
You need a rooted Android system running an x86 kernel, version 2.6.29 or higher, built with the CONFIG_AUDITSYSCALL option set to 'y'.
For the ARM Platform: Kernel Patching Requirements
For the ARM platform, it is necessary to patch the kernel (refer to the section titled 'Custom Kernel'). Additionally, we had to copy the audit.h kernel header because Google utilizes clean headers.
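The requirements above can be checked before building anything. The script below is an added example, not part of the original project: the function names and the sample kernel configs are constructed for illustration, and the on-device command in the last comment assumes zcat is available and that the kernel exposes /proc/config.gz.

```shell
#!/bin/sh
# Added example (not from the original project): checks the prerequisites
# stated on this page against values passed in as arguments.

# version_ge RELEASE MINIMUM: true when the numeric x.y.z prefix of RELEASE
# is at least MINIMUM; suffixes such as "-android-x86" are ignored.
version_ge() {
    have="$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//').0.0"
    want="$2.0.0"
    for i in 1 2 3; do
        h=$(printf '%s\n' "$have" | cut -d. -f"$i")
        w=$(printf '%s\n' "$want" | cut -d. -f"$i")
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
    done
    return 0
}

# check_prereqs UID RELEASE MACHINE CONFIG_TEXT
# Prints one line per unmet requirement and returns the number of failures.
check_prereqs() {
    fails=0
    if [ "$1" -ne 0 ]; then
        echo "FAIL: not root (uid $1)"; fails=$((fails + 1))
    fi
    if ! version_ge "$2" 2.6.29; then
        echo "FAIL: kernel $2 is older than 2.6.29"; fails=$((fails + 1))
    fi
    # The "# CONFIG_AUDITSYSCALL is not set" form must not count as enabled.
    if ! printf '%s\n' "$4" | grep -q '^CONFIG_AUDITSYSCALL=y$'; then
        echo "FAIL: CONFIG_AUDITSYSCALL=y not found"; fails=$((fails + 1))
    fi
    case "$3" in
        arm*) echo "NOTE: ARM kernel, must carry the audit patch (see Custom Kernel)" ;;
    esac
    return "$fails"
}

# Constructed sample inputs (not captured from a real device).
GOOD_CFG='CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y'
BAD_CFG='CONFIG_AUDIT=y
# CONFIG_AUDITSYSCALL is not set'

check_prereqs 0 2.6.29-android-x86 i686 "$GOOD_CFG" && echo "sample 1: OK"
check_prereqs 2000 2.6.27 armv7l "$BAD_CFG" || echo "sample 2: $? requirement(s) unmet"

# On a device (assumes zcat and a kernel built with CONFIG_IKCONFIG_PROC):
# check_prereqs "$(id -u)" "$(uname -r)" "$(uname -m)" "$(zcat /proc/config.gz)"
```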
Their utilities for cleaning headers
The utilities they provide for cleaning headers are difficult to use for those who do not have the advantage of Google (i.e., the documentation is limited and the index is poorly designed). For more information, please refer to the directory structure section.