This was tested on kernel.org 'next-20191128' as Rawhide kernels don't yet
support the new perf_event hooks.

Note that the default .config enables the following that have been added to
defconfig:
    CONFIG_HAVE_PERF_EVENTS=y
    CONFIG_PERF_EVENTS=y
    CONFIG_TRACEPOINTS=y

To allow testing, the following steps are required to update Fedora policy:

1) Using the diff below, add the perf_event class and its permissions to:
   /usr/share/selinux/devel/include/support/all_perms.spt

--- a/all_perms.spt 2019-12-01 14:11:22.304013835 +0000 +++ b/all_perms.spt 2019-11-29 15:11:21.891680000 +0000 @@ -230,6 +230,7 @@ class smc_socket all_smc_socket_perms; class bpf all_bpf_perms; class xdp_socket all_xdp_socket_perms; + class perf_event { open cpu kernel tracepoint read write }; ') define(`all_userspace_class_perms',`

2) Create a cil module 'test_perf.cil' that defines the class:
   (class perf_event (open cpu kernel tracepoint read write))
   (classorder (unordered perf_event))

   Then insert into policy:
   semodule -i test_perf.cil

Richard Haines (1):
  selinux-testsuite: Add perf_event tests

 defconfig                     |   6 ++
 policy/Makefile               |   4 +
 policy/test_perf_event.te     | 106 ++++++++++++++++++++
 tests/Makefile                |   4 +
 tests/perf_event/.gitignore   |   1 +
 tests/perf_event/Makefile     |   7 ++
 tests/perf_event/perf_event.c | 178 ++++++++++++++++++++++++++++++++++
 tests/perf_event/test         |  80 +++++++++++++++
 8 files changed, 386 insertions(+)
 create mode 100644 policy/test_perf_event.te
 create mode 100644 tests/perf_event/.gitignore
 create mode 100644 tests/perf_event/Makefile
 create mode 100644 tests/perf_event/perf_event.c
 create mode 100755 tests/perf_event/test

--
2.23.0
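
Review bot: in the all_perms.spt hunk from step 1, the added "class perf_event { open cpu kernel tracepoint read write };" line spells its permissions inline, whereas the neighbouring context lines (smc_socket, bpf, xdp_socket) each reference an all_<class>_perms macro. Consider defining an all_perf_event_perms set and writing "class perf_event all_perf_event_perms;" so the entry follows the file's pattern. The same six permissions are repeated in test_perf.cil in step 2, so the two lists have to be kept in sync by hand if the class changes.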
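
A pre-flight check for the setup described above, as an added example that is not part of the original posting or of the testsuite. It confirms that the three CONFIG_ options are enabled and that the loaded policy exposes the perf_event class with all six permissions through selinuxfs. The function names and default paths are assumptions of this example, and the config file is expected to be plain text rather than a gzipped /proc/config.gz.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the perf_event tests.
# The class name, its six permissions and the three CONFIG_ options come
# from the cover letter; function names and paths are assumptions.

PERF_PERMS="open cpu kernel tracepoint read write"
PERF_CONFIGS="CONFIG_HAVE_PERF_EVENTS CONFIG_PERF_EVENTS CONFIG_TRACEPOINTS"

# missing_configs FILE: print each required option not set to =y in FILE.
missing_configs() {
    for opt in $PERF_CONFIGS; do
        grep -qx "${opt}=y" "$1" 2>/dev/null || printf '%s\n' "$opt"
    done
}

# missing_perms SELINUXFS: print each perf_event permission the loaded
# policy does not define, or "class" if the class itself is absent.
# selinuxfs exposes one file per permission under class/<name>/perms/.
missing_perms() {
    dir="$1/class/perf_event"
    if [ ! -d "$dir" ]; then
        printf 'class\n'
        return 0
    fi
    for perm in $PERF_PERMS; do
        [ -e "$dir/perms/$perm" ] || printf '%s\n' "$perm"
    done
}

# preflight CONFIG SELINUXFS: return 0 only when nothing is missing;
# otherwise report what is missing on stderr and return non-zero.
preflight() {
    cfg=$(missing_configs "$1")
    perms=$(missing_perms "$2")
    [ -z "$cfg" ] || echo "kernel config lacks: $cfg" >&2
    [ -z "$perms" ] || echo "policy lacks perf_event: $perms" >&2
    [ -z "$cfg" ] && [ -z "$perms" ]
}

# Typical call on a test machine (usual default paths):
#   preflight "/boot/config-$(uname -r)" /sys/fs/selinux
```

A result of "class" from missing_perms means the module from step 2 has not been loaded, or the running kernel has no perf_event hooks to map the class to.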