Subject: Re: [PATCH v3 3/3] selinux: add permission names to trace event
From: peter enderborg
To: Paul Moore, Stephen Smalley
CC: Thiébaud Weksteen, Nick Kralevich, Steven Rostedt, Eric Paris, Ingo Molnar, Mauro Carvalho Chehab, "David S. Miller", Rob Herring, linux-kernel, SElinux list
Date: Fri, 21 Aug 2020 07:53:36 +0200
Message-ID: <991d6a06-4b89-989a-92d1-82f295efe9bf@sony.com>

On 8/21/20 4:22 AM, Paul Moore wrote:
> On Tue, Aug 18, 2020 at 8:14 AM Stephen Smalley wrote:
>> On Tue, Aug 18, 2020 at 4:11 AM peter enderborg wrote:
> ...
>
>>> Are there any other things we need to fix? Are parts 1&2 now OK?
>> They looked ok to me, but Paul should review them.
> Patches 1 and 2 look fine to me with the small nits that Stephen
> pointed out corrected. I'm glad to see the information in string form
> now, I think that will be a big help for people making use of this.
>
> Unfortunately, I'm a little concerned about patch 3 for the reason
> Stephen already mentioned. While changes to the class mapping are
> infrequent, they do happen, and I'm not very excited about adding it
> to the userspace kAPI via a header. Considering that the tracing
> tools are going to be running on the same system that is being
> inspected, perhaps the tracing tools could inspect
> /sys/fs/selinux/class at runtime to query the permission mappings?
> Stephen, is there a libselinux API which does this already?
>

One way to use this trace is to write directly to a memory buffer over a time period. In the case of Android, and I guess in many other embedded cases too, they are moved to some other machine to be analysed, so having them locked to where it was running also has problems. So what is the problem we see with the plugin, that we have perms names that are "unknown"?
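
The two positions in this thread can be combined: read the mapping from /sys/fs/selinux/class on the traced system, store it next to the trace buffer, and decode on the analysis machine from that stored copy. The sketch below is an added example, not code from the patch series or from any participant; the function names, the JSON snapshot format and the sample tree are assumptions made for illustration. It relies on selinuxfs exposing each class as a directory with an `index` file and a `perms/` directory whose files hold 1-based permission numbers.

```python
import json
import os
import tempfile

CLASS_DIR = "/sys/fs/selinux/class"  # path named in the thread


def snapshot_class_map(class_dir=CLASS_DIR):
    """Capture {class: {"index": n, "perms": {"bit number": name}}} on the traced system."""
    snap = {}
    for cls in sorted(os.listdir(class_dir)):
        base = os.path.join(class_dir, cls)
        with open(os.path.join(base, "index")) as f:
            entry = {"index": int(f.read()), "perms": {}}
        for perm in os.listdir(os.path.join(base, "perms")):
            with open(os.path.join(base, "perms", perm)) as f:
                # Each perms/<name> file holds the 1-based number of that permission.
                entry["perms"][str(int(f.read()))] = perm
        snap[cls] = entry
    return snap


def decode_av(snap, tclass, av):
    """Map an access-vector bitmask to names using a snapshot, not the local policy."""
    perms = snap.get(tclass, {}).get("perms", {})
    return [perms.get(str(bit + 1), "unknown(0x%x)" % (1 << bit))
            for bit in range(32) if av & (1 << bit)]


def build_constructed_tree(root):
    """Constructed stand-in for selinuxfs so the example runs without SELinux."""
    layout = {"file": (6, ["ioctl", "read", "write"]),
              "dir": (7, ["ioctl", "read", "search"])}
    for cls, (index, names) in layout.items():
        os.makedirs(os.path.join(root, cls, "perms"))
        with open(os.path.join(root, cls, "index"), "w") as f:
            f.write(str(index))
        for bit, name in enumerate(names, start=1):
            with open(os.path.join(root, cls, "perms", name), "w") as f:
                f.write(str(bit))


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        shipped = json.dumps(snapshot_class_map(root))  # stored beside the trace
    snap = json.loads(shipped)  # loaded later on the analysis machine
    return decode_av(snap, "file", 0x6), decode_av(snap, "dir", 0x84)


if __name__ == "__main__":
    print(demo())
```

A bit with no entry in the snapshot is reported as `unknown(0x…)` rather than guessed, which is the symptom to expect when a trace is decoded against a mapping from a different policy.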