On Thu, 30 Jul 2020 21:12:39 +0200
peter enderborg <peter.enderb...@sony.com> wrote:
> >> avc: denied { find } for interface=vendor.qti.hardware.perf::IPerf
> >> sid=u:r:permissioncontroller_app:s0:c230,c256,c512,c768 pid=9164
> >> scontext=u:r:permissioncontroller_app:s0:c230,c256,c512,c768
> >> tcontext=u:object_r:vendor_hal_perf_hwservice:s0 tclass=hwservice_manager
> >> permissive=0
> >> avc: denied { execute } for pid=13914 comm="ScionFrontendAp"
> >> path="/data/user_de/0/com.google.android.gms/app_chimera/m/00000002/oat/arm64/DynamiteLoader.odex"
> >> dev="sda77" ino=204967 scontext=u:r:platform_app:s0:c512,c768
> >> tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=file
> >> permissive=0 ppid=788 pcomm="main" pgid=13914 pgcomm="on.updatecenter"
> >>
> >> It omit the fields that are not used. Some parts are common some are not.
> >> So a correct format specification for trace will be problematic if there
> >> is no "optional" field indicator.
> > That's all quite noisy. What is the object of these changes? What
> > exactly are you trying to trace and why?
>
> It is noisy, and it have to be. it covers a lot of different areas. One
> common problem is
> to debug userspace applications regarding violations. You get the violation
> from the logs
> and try to figure out what you did to cause it. With a trace point you can do
> much better
> when combine with other traces. Having a the userspace stack is a very good
> way,
> unfortunately it does not work on that many architectures within trace.
>
> What exactly are you doing with any trace? You collect data to analyse what's
> going on. This is not different. Selinux do a specific thing, but is has lots
> of parameters.
Have you thought of adding multiple trace events with if statements
around them to decode each specific type of event?
Note, you can have a generic event that gets enabled by all the other
events via the "reg" and "unreg" part of TRACE_EVENT_FN(). Say its
called trace_avc, make a dummy trace_avc() call hat doesn't even need
to be called anywhere, it just needs to exist to get to the other trace
events.
Then have:
if (trace_avc_enabled()) {
if (event1)
trace_avc_req_event1();
if (event2)
trace_avc_req_event2();
[..]
}
The reason for the trace_avc_enabled() is because that's a static
branch, which is a nop when not enabled. When enabled, it is a jump to
the out of band if condition block that has all the other trace events.
-- Steve
