Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp2101768ybg; Thu, 30 Jul 2020 10:20:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwcP2mkRG+2fdDTZX0nNERtI6AKn/Nc4VeTbI3dyhtiNmJie4R0Mp+ZI6OwBBiJTbi3vesj X-Received: by 2002:a17:906:cc4d:: with SMTP id mm13mr108434ejb.191.1596129619352; Thu, 30 Jul 2020 10:20:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596129619; cv=none; d=google.com; s=arc-20160816; b=n5ociBV9pxbFMJslwgVpz+om6g+Q+Q/+CK64pl0bYyxh33xQB5GJYrfwU3Dg2Hcrri uA6/aK00Vn0L6uIILEtZwON4d45sZlNp/K0GuGnjRTYQfEOVa825aFFSV+zTXjkbWlfT 731kA2DP8izDgli6LGIGzuN3dvlxqGDQb/IxnGrEBOgXJRmP3IBPb4eFAqvT6GWhFw4D mgwxpFY5K7vJ8q9s02FNMKrPsmt97I+PtIPz30RMzVlkY3exbsZDzm+dXeFjX28+vuAL 6ZKrihRT0kjWQH0A+2pjaawax1CdpStanPTzM6Pp0JcnZ5iRaYoUcM6iZx00rga5XiIp 8pgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=xP/hytZjNDNm67r7PLvs/kU94chSz1voj0WaKKn+AaM=; b=f8RxQLZQGKRbV9tY2/c+ot7OfQSTs+p7n18MIFRnUOHA8+gtmA4gvJqWQN1HiweVqy zXDfNqVb6hV2qAU0h6hUHrJEhAnBVVHOSSvu71lpSn5SY9Vh5yu/vXRJu4BS4p00pw/G JM9/OzaoCssnRvRrRv4gjQ0J7itYcLNsIOkP6K6oFEaFUTEosXasbFnxbknACRkeQASN a00Y3D0vkyh7XNbDoK5A5CdHC4mdGdUIlR1bD9+8Wf3aew+XOpFlQIemlxgVlAH8RijM a9BEbXQMy4hzY2ANbPDQZs2uLEFBb4OOXcMNCyNk41Q5UMSPyrHgMDdEVR6ZO2LJo3GD 9grA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z25si3435007ejr.598.2020.07.30.10.19.56; Thu, 30 Jul 2020 10:20:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730258AbgG3RRC convert rfc822-to-8bit (ORCPT + 99 others); Thu, 30 Jul 2020 13:17:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:36414 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728492AbgG3RRC (ORCPT ); Thu, 30 Jul 2020 13:17:02 -0400 Received: from oasis.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EFC7B2082E; Thu, 30 Jul 2020 17:17:00 +0000 (UTC) Date: Thu, 30 Jul 2020 13:16:59 -0400 From: Steven Rostedt To: peter enderborg Cc: =?UTF-8?B?VGhpw6liYXVk?= Weksteen , Paul Moore , Nick Kralevich , Joel Fernandes , Stephen Smalley , Eric Paris , Ingo Molnar , Mauro Carvalho Chehab , "David S. Miller" , Rob Herring , , Subject: Re: [PATCH] RFC: selinux avc trace Message-ID: <20200730131659.7f1d21e8@oasis.local.home> In-Reply-To: <15fcdc87-5e9b-8144-5a6b-34594d1e52ef@sony.com> References: <20200724091520.880211-1-tweek@google.com> <20200724095232.5f9d3f17@oasis.local.home> <80a23580-5067-93b0-53fa-3bd53253c056@sony.com> <20200730110459.5bf0b0df@oasis.local.home> <6f1262fc-21ad-f872-5460-e78d4685c9c4@sony.com> <20200730120200.1367e1cd@oasis.local.home> <15fcdc87-5e9b-8144-5a6b-34594d1e52ef@sony.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 30 Jul 2020 19:05:49 +0200 peter enderborg wrote: > >> It should be a full structure with a lot of sub strings.  But that make is even more relevant. > > So one event instance can have a list of strings recorded? > > Yes, it is a list very similar to a normal trace. But it is more generic. > > For example ino= is for filesystems that have inode, but for a > violation that send a signal that make no sense at all.  Network > addresses is in many cases not applicable. laddr= is only exist for > for IP. > > So if you just print them it will look like: > > avc:  denied  { find } for interface=vendor.qti.hardware.perf::IPerf sid=u:r:permissioncontroller_app:s0:c230,c256,c512,c768 pid=9164 scontext=u:r:permissioncontroller_app:s0:c230,c256,c512,c768 tcontext=u:object_r:vendor_hal_perf_hwservice:s0 tclass=hwservice_manager permissive=0 >  avc:  denied  { execute } for  pid=13914 comm="ScionFrontendAp" path="/data/user_de/0/com.google.android.gms/app_chimera/m/00000002/oat/arm64/DynamiteLoader.odex" dev="sda77" ino=204967 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=file permissive=0 ppid=788 pcomm="main" pgid=13914 pgcomm="on.updatecenter" > > It omit the fields that are not used. Some parts are common some are not. So a correct format specification for trace will be problematic if there is no "optional" field indicator. That's all quite noisy. What is the object of these changes? What exactly are you trying to trace and why? -- Steve