From 1c50a1dc2db41c972c9c48a97480ae063ef146e3 Mon Sep 17 00:00:00 2001
From: zhang-cui11
Date: Tue, 19 Jul 2022 16:01:41 +0800
Subject: [PATCH 1/2] test
Signed-off-by: zhang-cui11
---
 lib/ratelimit.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/ratelimit.c b/lib/ratelimit.c
index e01a93f46f83..b1e6efacf0e9 100644
--- a/lib/ratelimit.c
+++ b/lib/ratelimit.c
@@ -29,6 +29,8 @@ int ___ratelimit(struct ratelimit_state *rs, const char *func)
 unsigned long flags;
 int ret;
+ return 1;
+
 if (!rs->interval)
 return 1;
--
Gitee

From fe8db540e5d1e83b5e4084215b8cadb1a6a90986 Mon Sep 17 00:00:00 2001
From: zhang-cui11
Date: Sat, 23 Jul 2022 11:30:31 +0800
Subject: [PATCH 2/2] test
Signed-off-by: zhang-cui11
---
 security/selinux/avc.c | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 884a014ce2b8..f975324a97d8 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -92,6 +92,10 @@ struct selinux_avc {
 };
 static struct selinux_avc selinux_avc;
+static string g_sctx[] = {"u:r:hiprofilerd:s0", "u:r:hiprofiler_plugins:s0", "u:r:hiprofiler_cmd:s0", "u:r:hiperf:s0"};
+static string g_tctx[] = {"u:r:hiprofilerd:s0", "u:r:hiprofiler_plugins:s0", "u:r:hiprofiler_cmd:s0", "u:r:hiperf:s0"};
+static char g_class[] = "capability";
+
 void selinux_avc_init(struct selinux_avc **avc)
 {
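Review bot: The unconditional `return 1;` at the top of `___ratelimit()` switches off rate limiting for every caller in the kernel, not only the messages this test is after, and leaves the rest of the function unreachable. Rate-limited messages are frequently ones that an unprivileged process or a remote peer can trigger repeatedly, so the limiter is what keeps them from flooding the log and stalling the console. The existing `if (!rs->interval) return 1;` check right below already lets limiting be turned off per `ratelimit_state`; setting the interval of the one state under test to 0 for the debugging session achieves the goal without a global change, and this line should be dropped before merge. The function body continues outside the hunk.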
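Review bot: `string` is not a C type and nothing visible in this hunk defines it, so the two table declarations will presumably fail to compile in `security/selinux/avc.c`; they should be arrays of constant C strings, e.g. `static const char *const g_sctx[] = { ... };`, and `g_class` should be `static const char g_class[] = "capability";`. `g_tctx` repeats the contents of `g_sctx` exactly, so a single table would do unless the two lists are expected to diverge. A comment should say that these hard-coded SELinux labels are a temporary debugging filter and not part of policy enforcement.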
@@ -712,24 +716,44 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 u32 scontext_len;
 u32 tcontext_len;
 int rc;
+
+ int match = 1;
 rc = security_sid_to_context(sad->state, sad->ssid, &scontext,
 &scontext_len);
 if (rc)
 audit_log_format(ab, " ssid=%d", sad->ssid);
- else
+ else {
 audit_log_format(ab, " scontext=%s", scontext);
-
+
+ match &= !strcmp(scontext, g_sctx[0]);
+ match &= !strcmp(scontext, g_sctx[1]);
+ match &= !strcmp(scontext, g_sctx[2]);
+ match &= !strcmp(scontext, g_sctx[3]);
+ }
 rc = security_sid_to_context(sad->state, sad->tsid, &tcontext,
 &tcontext_len);
 if (rc)
 audit_log_format(ab, " tsid=%d", sad->tsid);
- else
+ else {
 audit_log_format(ab, " tcontext=%s", tcontext);
-
+
+ match &= !strcmp(scontext, g_tctx[0]);
+ match &= !strcmp(scontext, g_tctx[1]);
+ match &= !strcmp(scontext, g_tctx[2]);
+ match &= !strcmp(scontext, g_tctx[3]);
+ }
 tclass = secclass_map[sad->tclass-1].name;
 audit_log_format(ab, " tclass=%s", tclass);
-
+ match &= !strcmp(scontext, g_class);
+
+ if (match) {
+ pr_info("==================avc callback start================");
+ dump_stack();
+ pr_info("==================avc callback end,send signal================");
+ force_sig(SIGABRT);
+ }
+
 if (sad->denied)
 audit_log_format(ab, " permissive=%u", sad->result ? 0 : 1);
--
Gitee
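Review bot: The `match` test in `avc_audit_post_callback()` can never be true and can read an unset pointer: each group ANDs `!strcmp()` against four different strings, the target-context group and the class check compare `scontext` instead of `tcontext` and `tclass`, and `strcmp(scontext, g_class)` runs even when the first `security_sid_to_context()` call failed (the initializer of `scontext` is outside the hunk, so its value in that case cannot be confirmed here). Once the comparison is repaired, `force_sig(SIGABRT)` would make an audit-formatting callback terminate the current task on a matching AVC event, which is an enforcement side effect in logging code and should not ship; `dump_stack()` alone provides the call trace. The sketch below matches any listed source and target context, records a hit only when the corresponding lookup succeeded, and keeps only the trace; it assumes the tables are arrays of C strings and belongs behind a debug-only config option. The `pr_info()` strings in the hunk also lack a trailing `\n`, and the function continues outside the hunk.

```c
/* new helper: true when ctx equals one of the n entries in tbl */
static bool avc_dbg_ctx_listed(const char *ctx, const char *const *tbl, size_t n)
{
	size_t i;

	for (i = 0; i < n; i++) {
		if (!strcmp(ctx, tbl[i]))
			return true;
	}
	return false;
}

	/* in avc_audit_post_callback(), replacing `int match = 1;` */
	bool src_hit = false;
	bool tgt_hit = false;

	/* … unchanged: first security_sid_to_context() call and its rc branch … */
	else {
		audit_log_format(ab, " scontext=%s", scontext);
		src_hit = avc_dbg_ctx_listed(scontext, g_sctx, ARRAY_SIZE(g_sctx));
	}
	/* … unchanged: second security_sid_to_context() call and its rc branch … */
	else {
		audit_log_format(ab, " tcontext=%s", tcontext);
		tgt_hit = avc_dbg_ctx_listed(tcontext, g_tctx, ARRAY_SIZE(g_tctx));
	}
	/* … unchanged: tclass lookup and its audit_log_format() call … */
	if (src_hit && tgt_hit && !strcmp(tclass, g_class)) {
		pr_info("avc: debug context match, dumping stack\n");
		dump_stack();
	}
```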