Re: [PATCH] selinux: add tracepoint on denials

From: Joel Fernandes
Date: Tue Jul 28 2020 - 11:23:08 EST

Next message: RAVULAPATI, VISHNU VARDHAN RAO: "RE: [PATCH 3/6] ASoC: amd: SND_SOC_RT5682_I2C does not build rt5682"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCHv3 00/19] perf metric: Add support to reuse metric"
In reply to: ThiÃbaud Weksteen: "Re: [PATCH] RFC: selinux avc trace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 24, 2020 at 5:15 AM ThiÃbaud Weksteen <tweek@xxxxxxxxxx> wrote:
>
> The audit data currently captures which process and which target
> is responsible for a denial. There is no data on where exactly in the
> process that call occurred. Debugging can be made easier by being able to
> reconstruct the unified kernel and userland stack traces [1]. Add a
> tracepoint on the SELinux denials which can then be used by userland
> (i.e. perf).
>
> Although this patch could manually be added by each OS developer to
> trouble shoot a denial, adding it to the kernel streamlines the
> developers workflow.
>
> [1] https://source.android.com/devices/tech/debug/native_stack_dump
>
> Signed-off-by: ThiÃbaud Weksteen <tweek@xxxxxxxxxx>
> Signed-off-by: Joel Fernandes <joelaf@xxxxxxxxxx>

While I am in support of the general idea, could you change my SOB to
something like Inspired-by?

This is really your patch, but I did demonstrate the idea in an
article where the intention was to apply a patch out of tree to do
stack dumps / tracing. SOB on the other hand is supposed to track the
flow of a patch (the people who the patch goes through) when it is
sent upstream.

Thanks,

- Joel

Next message: RAVULAPATI, VISHNU VARDHAN RAO: "RE: [PATCH 3/6] ASoC: amd: SND_SOC_RT5682_I2C does not build rt5682"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCHv3 00/19] perf metric: Add support to reuse metric"
In reply to: ThiÃbaud Weksteen: "Re: [PATCH] RFC: selinux avc trace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]