aboutsummaryrefslogtreecommitdiffstats
path: root/security/dummy.c
diff options
context:
space:
mode:
authorYuichi Nakamura <ynakam@hitachisoft.jp>2007-09-13 20:27:07 -0400
committerJames Morris <jmorris@namei.org>2007-10-16 18:59:31 -0400
commit788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch)
treecbe2d2a360aaf7dc243bef432e1c50507ae6db7b /security/dummy.c
parent3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff)
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/dummy.c')
-rw-r--r--security/dummy.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 853ec229279..64b647a0d9a 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -463,6 +463,11 @@ static int dummy_file_receive (struct file *file)
463 return 0; 463 return 0;
464} 464}
465 465
466static int dummy_dentry_open (struct file *file)
467{
468 return 0;
469}
470
466static int dummy_task_create (unsigned long clone_flags) 471static int dummy_task_create (unsigned long clone_flags)
467{ 472{
468 return 0; 473 return 0;
@@ -1033,6 +1038,7 @@ void security_fixup_ops (struct security_operations *ops)
1033 set_to_dummy_if_null(ops, file_set_fowner); 1038 set_to_dummy_if_null(ops, file_set_fowner);
1034 set_to_dummy_if_null(ops, file_send_sigiotask); 1039 set_to_dummy_if_null(ops, file_send_sigiotask);
1035 set_to_dummy_if_null(ops, file_receive); 1040 set_to_dummy_if_null(ops, file_receive);
1041 set_to_dummy_if_null(ops, dentry_open);
1036 set_to_dummy_if_null(ops, task_create); 1042 set_to_dummy_if_null(ops, task_create);
1037 set_to_dummy_if_null(ops, task_alloc_security); 1043 set_to_dummy_if_null(ops, task_alloc_security);
1038 set_to_dummy_if_null(ops, task_free_security); 1044 set_to_dummy_if_null(ops, task_free_security);