audit: Add option to enable/disable syscall audit
Enable syscall audit has performance impact on Android, add option to
enable/disable the syscall audits.
Change-Id: I654e553daca388c03774886bf13410e2fdec0b02
Signed-off-by: Channagoud Kadabi <ckadabi@codeaurora.org>
diff --git a/init/Kconfig b/init/Kconfig
index 6a4e13a..007186d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -312,15 +312,20 @@
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
- logging of avc messages output). System call auditing is included
- on architectures which support it.
+ logging of avc messages output). Does not do system-call
+ auditing without CONFIG_AUDITSYSCALL.
config HAVE_ARCH_AUDITSYSCALL
bool
config AUDITSYSCALL
- def_bool y
+ bool "Enable system-call auditing support"
depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
+ default y if SECURITY_SELINUX
+ help
+ Enable low-overhead system-call auditing infrastructure that
+ can be used independently or with another kernel subsystem,
+ such as SELinux.
config AUDIT_WATCH
def_bool y