1*e4a36f41SAndroid Build Coastguard Worker# 2*e4a36f41SAndroid Build Coastguard Worker# /system/bin/auditctl executed for logd 3*e4a36f41SAndroid Build Coastguard Worker# 4*e4a36f41SAndroid Build Coastguard Worker# Performs maintenance of the kernel auditing system, including 5*e4a36f41SAndroid Build Coastguard Worker# setting rate limits on SELinux denials. 6*e4a36f41SAndroid Build Coastguard Worker# 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Workertype auditctl, domain, coredomain; 9*e4a36f41SAndroid Build Coastguard Workertype auditctl_exec, file_type, system_file_type, exec_type; 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# Uncomment the line below to put this domain into permissive 12*e4a36f41SAndroid Build Coastguard Worker# mode. This helps speed SELinux policy development. 13*e4a36f41SAndroid Build Coastguard Worker# userdebug_or_eng(`permissive auditctl;') 14*e4a36f41SAndroid Build Coastguard Worker 15*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(auditctl) 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Workerallow auditctl self:global_capability_class_set audit_control; 18*e4a36f41SAndroid Build Coastguard Workerallow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write }; 19