project-lakitu/sys-process/audit/files/rules.d/99-default.rules - cos/overlays/board-overlays - Git at Google

 # The following rule allows logging of the following message types
 # and tells the kernel to ignore everything else.
 #  - CONFIG_CHANGE
 #  - AVC (for AppArmor permission check messages)
 #  - USER_AVC (triggered when a user-space AVC message is generated)
 -b 128
 -a never,exclude -F msgtype!=CONFIG_CHANGE -F msgtype!=AVC -F msgtype!=USER_AVC -F msgtype!=SECCOMP
	# The following rule allows logging of the following message types
	# and tells the kernel to ignore everything else.
	# - CONFIG_CHANGE
	# - AVC (for AppArmor permission check messages)
	# - USER_AVC (triggered when a user-space AVC message is generated)
	-b 128
	-a never,exclude -F msgtype!=CONFIG_CHANGE -F msgtype!=AVC -F msgtype!=USER_AVC -F msgtype!=SECCOMP