Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2473478pxa;
        Mon, 17 Aug 2020 10:26:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz7yKs7PtNRZa6zVxhbVyIaKbcq06O45SXFEOFLnsdMRRHQBM5Ic3TsoevtD0ZyULOOaOcs
X-Received: by 2002:a17:906:60d5:: with SMTP id f21mr15912848ejk.94.1597685188135;
        Mon, 17 Aug 2020 10:26:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597685188; cv=none;
        d=google.com; s=arc-20160816;
        b=ZiLQ0ONY/yB/NDdRfC6fICnbjfMfVAbEMqom5PmiDij0GFVdyVx0ftYLhyzi6xFO7n
         kSVXYsZ3uM1ijrqsHRljoH18CmCBe3jOK8+uATGr6pNW8ol9E6mqI0/soIRqVhMpuO74
         5z+6NdDfiVN9CghppMM/wYzmaLh42c2AVtk+6TFCb1gWZaS+Q+QP1TBRAYZNVJfnNfg0
         jx4fSzIG0hlDXfufRXiIkopX+Ofg54Aw8TxKR9u6wg9Ax0sitAzv9jE3STshzW23rAmE
         z1Kp3W5Ps+RoZiUbNarSko19bfCByvD805Oxca+DrQP/Xz8f9HunmY6Jf6SrVNhUs3QK
         HTTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:from
         :subject:mime-version:message-id:date:dkim-signature;
        bh=+mx9UxHE8cqJm7GTmmUZEZc8F7xX2W2IqrfBBB9QOjA=;
        b=Ukc3zHhmHBBcwo/e9pr2j3s36lL8kIl7SyiEHKUnjKpi50FLsCRRE0/kint8knQZbC
         EB9ecZgqXvKc1ruHPzrPDuc00VG1WC/WN82h51fAw6MJt4OUsHHARkeOR+gfRcR1vZHb
         yyVdVGiXu0iz0Qeo3Oy5B7lKjgCKnGfZo2XpdO4jHHfW8Do4/huJICrTfpiyNZQ4A62k
         kd2b0CRMBnR7J8pHSQxK7JsfuCKBlZUsTxgq2oGN3ZRW6xuM89ua7GByM/jfiUBoJKHZ
         x5q2FLT3OXy9TUBM4QbiMB/0vnvDAd83b/JYsDV16+GiO4edhTmjM27GayrLJ38niVdR
         2m5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=OmPMU5wR;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id s10si11533170ejd.553.2020.08.17.10.26.05;
        Mon, 17 Aug 2020 10:26:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=OmPMU5wR;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389971AbgHQRYU (ORCPT <rfc822;parkch98@gmail.com> + 99 others);
        Mon, 17 Aug 2020 13:24:20 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49092 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2389329AbgHQRIS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Aug 2020 13:08:18 -0400
Received: from mail-ed1-x549.google.com (mail-ed1-x549.google.com [IPv6:2a00:1450:4864:20::549])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5EDEC061342
        for <linux-kernel@vger.kernel.org>; Mon, 17 Aug 2020 10:08:12 -0700 (PDT)
Received: by mail-ed1-x549.google.com with SMTP id q18so1854679edg.1
        for <linux-kernel@vger.kernel.org>; Mon, 17 Aug 2020 10:08:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:message-id:mime-version:subject:from:to:cc
         :content-transfer-encoding;
        bh=+mx9UxHE8cqJm7GTmmUZEZc8F7xX2W2IqrfBBB9QOjA=;
        b=OmPMU5wRtJr+HOk95BLGxFsNz4Cn3KmNyYv+uJZ+XR/MdMjBb59LsNutLnfizNc3vY
         i4y5vMl2ZW3v4GtYM+f6YW2TNsLwkAG28WvG+fHwEkI5wwFSBoSyx2CYSTJq1BsNOZRP
         w/rIfsUFhj/RjkiSGfCnMOEenaZbyXoaR/72XgYoOYUA0nmxTgC/a6nAwVMDmsTdrWy8
         IapaImnbz2PzIHNUup3aCaZcrLoAzk5FwU3YHglWobL75Y/Q4Dc2l1BvE6I+oIenfoB+
         qY3mijGoVdpWQgd2BOL5+mbYkqU1ibOwbdc09vKwMajczltIvd61yViW6/iX6Oq06vfS
         5nHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc
         :content-transfer-encoding;
        bh=+mx9UxHE8cqJm7GTmmUZEZc8F7xX2W2IqrfBBB9QOjA=;
        b=sidr4ZEdtzndDc1Ko6ZmiNGva0YWHfNaMUkdJbQxhv8IUoPuugUySOacEqttwf3GZd
         FHPXSFG5VoEYtWC0YB8l0gjLl8Oy0GIVYCHth6a4HnjbiOaHCFG6OXUVN4SfkDAPpVs5
         wFXwVPyieWguzqLDFpGWyQcTy1UZmjTEacavwbv0teWGZ8zVB6vcNv5TKNRLxvvbGR0a
         uf2PY+ReGMCTF3hV0oznn7hN7iswta2pGBMTwzi7cflXZQqUxtV6kQ+Q+3mGky7dGxcY
         LhLL9Giv/YXfuH73UdxsbUJZMAYPuwMpyyUBMpuIM1EQYZer+dlJnIc3mn3oGcCMCLsZ
         ztwA==
X-Gm-Message-State: AOAM5317bieIau/kOPXxaI5FtK22r21Jp9CtKMgxz6QEdipDBabN7d3v
        KhDEmQA/dlSga44gEa59yM8i4BwSYA==
X-Received: by 2002:a05:6402:22d9:: with SMTP id dm25mr15617460edb.2.1597684089211;
 Mon, 17 Aug 2020 10:08:09 -0700 (PDT)
Date:   Mon, 17 Aug 2020 19:07:11 +0200
Message-Id: <20200817170729.2605279-1-tweek@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.28.0.220.ged08abb693-goog
Subject: [PATCH v3 0/3] selinux: add detailed tracepoint on audited events
From:   "=?UTF-8?q?Thi=C3=A9baud=20Weksteen?=" <tweek@google.com>
To:     Paul Moore <paul@paul-moore.com>
Cc:     Nick Kralevich <nnk@google.com>,
        "=?UTF-8?q?Thi=C3=A9baud=20Weksteen?=" <tweek@google.com>,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Eric Paris <eparis@parisplace.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>,
        Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
        "David S. Miller" <davem@davemloft.net>,
        Rob Herring <robh@kernel.org>, linux-kernel@vger.kernel.org,
        selinux@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The audit data currently captures which process and which target
is responsible for a denial. There is no data on where exactly in the
process that call occurred. Debugging can be made easier by adding a
trace point when an event is audited.

This series of patch defines this new trace point and extra attributes
to easily match the tracepoint event with the audit event. It is also
possible to filter the events based on these attributes.

Changes since v2
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
- Add patch to include decoded permissions.
- Remove ssid and tsid from attributes list.
- Update commit log with more context.

Peter Enderborg (2):
  selinux: add basic filtering for audit trace events
  selinux: add permission names to trace event

Thi=C3=A9baud Weksteen (1):
  selinux: add tracepoint on denials

 MAINTAINERS                |  1 +
 include/trace/events/avc.h | 60 ++++++++++++++++++++++++++++++++++++++
 security/selinux/avc.c     | 59 ++++++++++++++++++++++++++++++++-----
 3 files changed, 113 insertions(+), 7 deletions(-)
 create mode 100644 include/trace/events/avc.h

--=20
2.28.0.220.ged08abb693-goog