I have seen that selinux need to enable auditing support. I want to know the difference between audit and audit2allow, can I just use audit2allow instead of audit? It seems that no audit support in android code, only audit2allow.
For the audit, I mean the audit package at http://people.redhat.com/sgrubb/audit/.
audit is a daemon, which log denied access (AVC) into /var/log/audit/audit.log
audit2allow is a user-tool to transfer AVP-log into a SELinux-Policy.
examples:
cat audit.log | audit2whycat audit.log | audit2allow -M foo