author Nick Kralevich <nnk@google.com> 2019-04-09 10:59:39 -0700
committer Nick Kralevich <nnk@google.com> 2019-04-09 20:54:47 -0700
commit ac3ca99b77c4944333649dda4670d509f9facc05
tree 7def753c3cefcf4714f14143c3d95732e011dac3 /trusty/coverage/coverage_test.cpp
parent 83e52ce905d2655f074d264069d7f49459c1912d
introduce auditctl and use it to configure SELinux throttling

In an effort to ensure that our development community does not introduce new code without corresponding SELinux changes, Android closely monitors the number of SELinux denials which occur during boot. This monitoring occurs both in treehugger, as well as various dashboards. If SELinux denials are dropped during early boot, this could result in non-determinism for the various SELinux treehugger tests.

Introduce /system/bin/auditctl. This tool, modeled after https://linux.die.net/man/8/auditctl, allows for configuring the throttling rate for the kernel auditing system.

Remove any throttling from early boot. This will hopefully reduce treehugger flakiness by making denial generation more predictable during early boot.

Reapply the throttling at boot complete, to avoid denial of service attacks against the auditing subsystem.

Delete pre-existing unittests for logd / SELinux integration. It's intended that all throttling decisions be made in the kernel, and shouldn't be a concern of logd.

Bug: 118815957
Test: Perform an operation which generates lots of SELinux denials, and count how many occur before and after the time period.
(cherry picked from commit be5e44679146d333c20e28bf99c52d168f422626)
Change-Id: I283cd56151d199cd66f0d217b49115460c4a01e5
Diffstat (limited to 'trusty/coverage/coverage_test.cpp')
0 files changed, 0 insertions, 0 deletions