Re: [PATCH v3 3/3] selinux: add permission names to trace event
From: Stephen Smalley
Date: Mon Aug 17 2020 - 16:16:34 EST
On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
From: Peter Enderborg <peter.enderborg@xxxxxxxx>
In the print out add permissions, it will look like:
<...>-1042 [007] .... 201.965142: selinux_audited:
requested=0x4000000 denied=0x4000000 audited=0x4000000
result=-13
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:bin_t:s0
tclass=file permissions={ !entrypoint }
This patch is adding the "permissions={ !entrypoint }".
The permissions preceded by "!" have been denied and the permissions
without have been accepted.
Note that permission filtering is done on the audited, denied or
requested attributes.
Suggested-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
Suggested-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Reviewed-by: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Signed-off-by: Peter Enderborg <peter.enderborg@xxxxxxxx>
---
include/trace/events/avc.h | 11 +++++++++--
security/selinux/avc.c | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 7de5cc5169af..d585b68c2a50 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -695,6 +695,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
audit_log_format(ab, " } for ");
}
+
/**
* avc_audit_post_callback - SELinux specific information
* will be called by generic audit code
Also, drop the spurious whitespace change above.