> -----Original Message-----
> From: Stephen Smalley [mailto:s...@tycho.nsa.gov]
> Sent: Wednesday, October 12, 2016 12:24 PM
> To: Roberts, William C <william.c.robe...@intel.com>; Nick Kralevich
> <n...@google.com>
> Cc: Yang, Bin Y <bin.y.y...@intel.com>; seandroid-list@tycho.nsa.gov
> Subject: Re: labelling /sys/kernel/debug aka debugfs
> 
> On 10/12/2016 12:05 PM, Roberts, William C wrote:
> > <snip>
> >
> > Here is the results of my tree, Bin won't be on until later, he is in PRC 
> > IIRC.
> >
> > I looked through these, as I was aware of loose regex's being too
> > slow, I didn't see anything, so I'll be interested if others spot it.
> >
> > This is everything in our tree, but doesn't mean it will be "built"
> > together. We have everything segregated In a modular fashion and you can
> config what you want to pull in.
> 
> Also, check for any prefix match of /sys, e.g. /.*, /(.*)?, /s.*, etc, since 
> those
> could also match any entry under /sys.

I took a look for stuff like this earlier, I tried various regexs to see if 
anything
hit like this one:
grep -rn '^/.[\.\*]' *

Plus we usually run weekly perf tests, so If someone introduces a slowdown, 
it's usually
discovered. We've hit these regex slowdowns before when I joined, but I was able
to get them all removed and educate others to do it. Also, I gate keep 99% of 
the selinux
changes so I look for these and block submission.

> 
> >
> > $ find . -name file_contexts | xargs grep '/sys' | grep -v '/system' |
> > cut -d: -f2-
> >
> > /sys/devices/pci0000:00/8086228A:00/.*/rfkill/rfkill[0-9]+/state
> u:object_r:sysfs_bluetooth_writable:s0
> > /sys/kernel/debug/sync      u:object_r:debugfs_graphics_sync:s0
> > /sys/devices/pci0000:00/8086228A:01/power/control
> > u:object_r:gps_sysfs_file:s0
> > /sys/devices/pci0000:00/8086228A:01/power/control
> > u:object_r:gps_sysfs_file:s0
> > /sys/devices/soc0/e0000000.noc/e9014000.l2_noc/e1000000.ahb_per/e12000
> > 00.usif4-gnss/power/control u:object_r:gps_sysfs_file:s0
> > /sys/devices/virtual/gpio/gpio71/value u:object_r:gps_sysfs_file:s0
> > /sys/devices/virtual/mali/pm/max_freq_level
> > u:object_r:sysfs_graphics_writable:s0
> > /sys/devices/pci0000\:00/0000\:00\:02.0/resource0
> > u:object_r:sysfs_gfx:s0 /sys/devices/pci0000\:00/0000\:00\:02.0/config
> > u:object_r:sysfs_app_readable:s0
> > /sys/devices/pci0000:00/0000:00:02.0/drm/card0/power/i915_videostatus
> u:object_r:sysfs_videostatus:s0 /sys/kernel/debug/dri/0/i915_frequency_info
> u:object_r:debugfs_graphics:s0
> > /sys/devices/virtual/misc/swfg_iface(/.*)?
> u:object_r:swfg_daemon_sysfs_rw_nodes:s0
> > /sys/devices/virtual/misc/intel_fg_iface(/.*)?
> u:object_r:fg_algo_iface_sysfs_rw_nodes:s0
> > /sys/devices/virtual/ieee80211/phy0/rfkill[0-9]{1}/type
> > u:object_r:sysfs_rfkill:s0 /sys/devices/platform/80860F41:04/i2c-5/5-
> 0040/control  u:object_r:sysfs_hwmon_control:s0
> > /sys/class/gpio/gpio59/value    u:object_r:sysfs_gpio_value:s0
> > /sys/class/gpio/gpio95/value    u:object_r:sysfs_gpio_value:s0
> > /sys/devices/virtual/misc/vmodem/modem_state
> u:object_r:sysfs_vmodem_writeable:s0
> > /sys/devices/virtual/misc/vmodem/modem_state
> u:object_r:sysfs_vmodem_writeable:s0
> > /sys/devices/virtual/misc/vmodem/modem_control
> u:object_r:sysfs_vmodem_writeable:s0
> > /sys/devices/pci0000:00/0000:00:14.0/hsic_enable
> u:object_r:sysfs_hsic_enable:s0
> > /sys/devices/pci0000:00/0000:00:14.0/L2_autosuspend_enable
> u:object_r:sysfs_autosuspend_enable:s0
> > /sys/devices/pci0000:00/0000:00:14.1/power/control
> u:object_r:sysfs_autosuspend_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/power/control
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-[3,5]/power/control
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-
> [3,5]/power/autosuspend_delay_ms u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-[3,5]/power/wakeup
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-[3,5]/devnum
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-[3,5]/idVendor
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-[3,5]/idProduct
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb2/2-0:1.0/(port5|usb2-
> port3)/usb3_lpm  u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/ssic_port_enable
> u:object_r:sysfs_ssic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb1/1-3/power/control
> u:object_r:sysfs_hsic_enable:s0
> > /sys/devices/pci0000:00/0000:00:1[4-5].0/usb1/1-
> 3/power/usb2_hardware_lpm        u:object_r:sysfs_hsic_enable:s0
> > /sys/bus/pci/rescan
> u:object_r:sysfs_pcie_enable:s0
> > /sys/devices/pci0000:00/0000:00:14.1/0000:02:00.0/remove
> u:object_r:sysfs_pcie_enable:s0
> > /sys/kernel/modem_nvram/dump               u:object_r:radio_device:s0
> > /sys/kernel/telephony(/.*)?     u:object_r:telephony_conf_files:s0
> > /sys/devices/virtual/thermal/thermal_zone[0-9]/trip_point_[0-9]_temp
> > u:object_r:sysfs_thermal_file:s0
> > /sys/devices/virtual/thermal/cooling_device[0-9]/cur_state
> > u:object_r:sysfs_thermal_file:s0 
> > /sys/devices/virtual/thermal/thermal_zone[0-
> 9]/policy u:object_r:sysfs_thermal_file:s0
> /sys/devices/platform/coretemp.0(/.*)?
> u:object_r:sysfs_thermal_management:s0
> > /sys/devices/virtual/thermal(/.*)?
> u:object_r:sysfs_thermal_management:s0
> > /sys/devices/virtual/powercap(/.*)?  u:object_r:sysfs_powercap:s0
> > /sys/kernel/debug/pstate_snb/setpoint u:object_r:debugfs_pstate:s0
> > /sys/devices/pci0000:00/0000:00:15.1/intel-cht-otg.0(/.*)
> > u:object_r:sysfs_usb_writable:s0
> >


_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Reply via email to