Subject: Re: [PATCH] RFC: selinux avc trace
To: Stephen Smalley
CC: Steven Rostedt, Thiébaud Weksteen, Paul Moore, Nick Kralevich, Joel Fernandes, Eric Paris, Ingo Molnar, Mauro Carvalho Chehab, "David S. Miller", Rob Herring, linux-kernel, SElinux list
References: <20200724091520.880211-1-tweek@google.com> <20200724095232.5f9d3f17@oasis.local.home> <80a23580-5067-93b0-53fa-3bd53253c056@sony.com>
From: peter enderborg
Date: Thu, 30 Jul 2020 17:47:21 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 7/30/20 4:50 PM, Stephen Smalley wrote:
> On Thu, Jul 30, 2020 at 10:29 AM peter enderborg
> wrote:
>> I did manage to rebase it but this is about my approach.
>>
>> Compared to Thiébaud Weksteen's patch this adds:
>>
>> 1 Filtering. Types go to trace so we can put up a filter for contexts or type etc.
>>
>> 2 It tries also to cover non denies. And upon that you should be able to do coverage tools.
>> I think many systems have a lot more rules than what is needed, but there is good way
>> to find out what. Another way is to make a stat page for the rules, but this way connects to
>> userspace and can be used for test cases.
>>
>> This code needs a lot more work, but it shows how the filter should work (extra info is not right)
>> and there are memory leaks, extra debug info and nonsense variable etc.
> Perhaps the two of you could work together to come up with a common
> tracepoint that addresses both needs.

Sounds good to me.

> On the one hand, we don't need/want to duplicate the avc message
> itself; we just need enough to be able to correlate them.
> With respect to non-denials, SELinux auditallow statements can be used
> to generate avc: granted messages that can be used to support coverage
> tools although you can easily flood the logs that way. One other

That is one reason to use trace. It can be used for things that generate
a lot of data, like memory allocations and scheduler etc., and it is a
developer tool so you should not have to worry about DoS etc. Both netlink
and Android logging are too happy to throw away data for developers to be happy.

> limitation of the other patch is that it doesn't support generating
> trace information for denials silenced by dontaudit rules, which might
> be challenging to debug especially on Android where you can't just run
> semodule -DB to strip all dontaudits.

I think that only works for rooted devices. Many application developers
run on commercial devices that are locked, but they do have access to trace.
But I have no idea if they (Google) have intended the SELinux traces to be
available there.
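
The coverage idea discussed in this thread (auditallow producing "avc: granted" records), sketched as an added example that is not part of the original message or of either patch: it reports which allowed permissions were never exercised. The `POLICY` table and the audit lines are constructed samples, and it assumes every allow rule has a matching auditallow and that rules are written with plain types rather than attributes.

```python
import re

# Constructed sample policy: (source type, target type, class) -> allowed perms.
POLICY = {
    ("untrusted_app", "app_data_file", "file"): {"read", "write", "open", "execute"},
    ("untrusted_app", "sysfs", "file"): {"read", "open"},
    ("mediaserver", "camera_device", "chr_file"): {"read", "write", "ioctl"},
}

# Constructed audit records in the kernel's AVC message layout.
LOG = """
type=AVC msg=audit(1.1:101): avc:  granted  { read open } for  pid=4211 comm="example.app" path="/data/data/example/f" dev="dm-3" ino=77 scontext=u:r:untrusted_app:s0:c12,c256 tcontext=u:object_r:app_data_file:s0:c12,c256 tclass=file
type=AVC msg=audit(1.2:102): avc:  granted  { write } for  pid=4211 comm="example.app" name="f" dev="dm-3" ino=77 scontext=u:r:untrusted_app:s0:c12,c256 tcontext=u:object_r:app_data_file:s0:c12,c256 tclass=file
type=AVC msg=audit(1.3:103): avc:  denied  { read } for  pid=4211 comm="example.app" name="dev" dev="proc" ino=9 scontext=u:r:untrusted_app:s0:c12,c256 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
type=AVC msg=audit(1.4:104): avc:  granted  { ioctl read } for  pid=812 comm="mediaserver" path="/dev/video0" dev="tmpfs" ino=5 scontext=u:r:mediaserver:s0 tcontext=u:object_r:camera_device:s0 tclass=chr_file
"""

AVC = re.compile(
    r"avc:\s+(granted|denied)\s+\{([^}]*)\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

def ctx_type(context):
    # A context is user:role:type[:level]; the type is the third field.
    return context.split(":")[2]

def exercised(log_text):
    """Map (stype, ttype, class) -> permissions seen in 'granted' records."""
    seen = {}
    for line in log_text.splitlines():
        m = AVC.search(line)
        if not m or m.group(1) != "granted":
            continue  # denials say nothing about which allow rules are used
        key = (ctx_type(m.group(3)), ctx_type(m.group(4)), m.group(5))
        seen.setdefault(key, set()).update(m.group(2).split())
    return seen

def unused(policy, log_text):
    """Allowed permissions that never appeared in a 'granted' record."""
    seen = exercised(log_text)
    report = {}
    for key, perms in policy.items():
        missing = perms - seen.get(key, set())
        if missing:
            report[key] = sorted(missing)
    return report

if __name__ == "__main__":
    for rule, perms in unused(POLICY, LOG).items():
        print(rule, perms)
```

The result is only as good as the workload that produced the log: a permission listed as unused was not seen during the run, which is weaker than proving it is unnecessary.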