diff options
author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-09-13 20:27:07 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-10-16 18:59:31 -0400 |
commit | 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch) | |
tree | cbe2d2a360aaf7dc243bef432e1c50507ae6db7b /security/dummy.c | |
parent | 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff) |
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check. A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.
(see http://marc.info/?l=selinux&m=118972995207740&w=2)
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/dummy.c')
-rw-r--r-- | security/dummy.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c index 853ec229279..64b647a0d9a 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -463,6 +463,11 @@ static int dummy_file_receive (struct file *file) | |||
463 | return 0; | 463 | return 0; |
464 | } | 464 | } |
465 | 465 | ||
466 | static int dummy_dentry_open (struct file *file) | ||
467 | { | ||
468 | return 0; | ||
469 | } | ||
470 | |||
466 | static int dummy_task_create (unsigned long clone_flags) | 471 | static int dummy_task_create (unsigned long clone_flags) |
467 | { | 472 | { |
468 | return 0; | 473 | return 0; |
@@ -1033,6 +1038,7 @@ void security_fixup_ops (struct security_operations *ops) | |||
1033 | set_to_dummy_if_null(ops, file_set_fowner); | 1038 | set_to_dummy_if_null(ops, file_set_fowner); |
1034 | set_to_dummy_if_null(ops, file_send_sigiotask); | 1039 | set_to_dummy_if_null(ops, file_send_sigiotask); |
1035 | set_to_dummy_if_null(ops, file_receive); | 1040 | set_to_dummy_if_null(ops, file_receive); |
1041 | set_to_dummy_if_null(ops, dentry_open); | ||
1036 | set_to_dummy_if_null(ops, task_create); | 1042 | set_to_dummy_if_null(ops, task_create); |
1037 | set_to_dummy_if_null(ops, task_alloc_security); | 1043 | set_to_dummy_if_null(ops, task_alloc_security); |
1038 | set_to_dummy_if_null(ops, task_free_security); | 1044 | set_to_dummy_if_null(ops, task_free_security); |