aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorYuichi Nakamura <ynakam@hitachisoft.jp>2007-09-13 20:27:07 -0400
committerJames Morris <jmorris@namei.org>2007-10-16 18:59:31 -0400
commit788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch)
treecbe2d2a360aaf7dc243bef432e1c50507ae6db7b /security
parent3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff)
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/dummy.c6
-rw-r--r--security/selinux/avc.c5
-rw-r--r--security/selinux/hooks.c53
-rw-r--r--security/selinux/include/avc.h2
-rw-r--r--security/selinux/include/objsec.h2
5 files changed, 67 insertions, 1 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 853ec229279..64b647a0d9a 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -463,6 +463,11 @@ static int dummy_file_receive (struct file *file)
463 return 0; 463 return 0;
464} 464}
465 465
466static int dummy_dentry_open (struct file *file)
467{
468 return 0;
469}
470
466static int dummy_task_create (unsigned long clone_flags) 471static int dummy_task_create (unsigned long clone_flags)
467{ 472{
468 return 0; 473 return 0;
@@ -1033,6 +1038,7 @@ void security_fixup_ops (struct security_operations *ops)
1033 set_to_dummy_if_null(ops, file_set_fowner); 1038 set_to_dummy_if_null(ops, file_set_fowner);
1034 set_to_dummy_if_null(ops, file_send_sigiotask); 1039 set_to_dummy_if_null(ops, file_send_sigiotask);
1035 set_to_dummy_if_null(ops, file_receive); 1040 set_to_dummy_if_null(ops, file_receive);
1041 set_to_dummy_if_null(ops, dentry_open);
1036 set_to_dummy_if_null(ops, task_create); 1042 set_to_dummy_if_null(ops, task_create);
1037 set_to_dummy_if_null(ops, task_alloc_security); 1043 set_to_dummy_if_null(ops, task_alloc_security);
1038 set_to_dummy_if_null(ops, task_free_security); 1044 set_to_dummy_if_null(ops, task_free_security);
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 0e69adf63bd..81b3dff3cbf 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -916,3 +916,8 @@ int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
916 avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); 916 avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
917 return rc; 917 return rc;
918} 918}
919
920u32 avc_policy_seqno(void)
921{
922 return avc_cache.latest_notif;
923}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cf76150e623..97b7e273809 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -14,6 +14,8 @@
14 * <dgoeddel@trustedcs.com> 14 * <dgoeddel@trustedcs.com>
15 * Copyright (C) 2006 Hewlett-Packard Development Company, L.P. 15 * Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
16 * Paul Moore, <paul.moore@hp.com> 16 * Paul Moore, <paul.moore@hp.com>
17 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
18 * Yuichi Nakamura <ynakam@hitachisoft.jp>
17 * 19 *
18 * This program is free software; you can redistribute it and/or modify 20 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2, 21 * it under the terms of the GNU General Public License version 2,
@@ -2464,7 +2466,7 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t
2464 2466
2465/* file security operations */ 2467/* file security operations */
2466 2468
2467static int selinux_file_permission(struct file *file, int mask) 2469static int selinux_revalidate_file_permission(struct file *file, int mask)
2468{ 2470{
2469 int rc; 2471 int rc;
2470 struct inode *inode = file->f_path.dentry->d_inode; 2472 struct inode *inode = file->f_path.dentry->d_inode;
@@ -2486,6 +2488,25 @@ static int selinux_file_permission(struct file *file, int mask)
2486 return selinux_netlbl_inode_permission(inode, mask); 2488 return selinux_netlbl_inode_permission(inode, mask);
2487} 2489}
2488 2490
2491static int selinux_file_permission(struct file *file, int mask)
2492{
2493 struct inode *inode = file->f_path.dentry->d_inode;
2494 struct task_security_struct *tsec = current->security;
2495 struct file_security_struct *fsec = file->f_security;
2496 struct inode_security_struct *isec = inode->i_security;
2497
2498 if (!mask) {
2499 /* No permission to check. Existence test. */
2500 return 0;
2501 }
2502
2503 if (tsec->sid == fsec->sid && fsec->isid == isec->sid
2504 && fsec->pseqno == avc_policy_seqno())
2505 return selinux_netlbl_inode_permission(inode, mask);
2506
2507 return selinux_revalidate_file_permission(file, mask);
2508}
2509
2489static int selinux_file_alloc_security(struct file *file) 2510static int selinux_file_alloc_security(struct file *file)
2490{ 2511{
2491 return file_alloc_security(file); 2512 return file_alloc_security(file);
@@ -2725,6 +2746,34 @@ static int selinux_file_receive(struct file *file)
2725 return file_has_perm(current, file, file_to_av(file)); 2746 return file_has_perm(current, file, file_to_av(file));
2726} 2747}
2727 2748
2749static int selinux_dentry_open(struct file *file)
2750{
2751 struct file_security_struct *fsec;
2752 struct inode *inode;
2753 struct inode_security_struct *isec;
2754 inode = file->f_path.dentry->d_inode;
2755 fsec = file->f_security;
2756 isec = inode->i_security;
2757 /*
2758 * Save inode label and policy sequence number
2759 * at open-time so that selinux_file_permission
2760 * can determine whether revalidation is necessary.
2761 * Task label is already saved in the file security
2762 * struct as its SID.
2763 */
2764 fsec->isid = isec->sid;
2765 fsec->pseqno = avc_policy_seqno();
2766 /*
2767 * Since the inode label or policy seqno may have changed
2768 * between the selinux_inode_permission check and the saving
2769 * of state above, recheck that access is still permitted.
2770 * Otherwise, access might never be revalidated against the
2771 * new inode label or new policy.
2772 * This check is not redundant - do not remove.
2773 */
2774 return inode_has_perm(current, inode, file_to_av(file), NULL);
2775}
2776
2728/* task security operations */ 2777/* task security operations */
2729 2778
2730static int selinux_task_create(unsigned long clone_flags) 2779static int selinux_task_create(unsigned long clone_flags)
@@ -4794,6 +4843,8 @@ static struct security_operations selinux_ops = {
4794 .file_send_sigiotask = selinux_file_send_sigiotask, 4843 .file_send_sigiotask = selinux_file_send_sigiotask,
4795 .file_receive = selinux_file_receive, 4844 .file_receive = selinux_file_receive,
4796 4845
4846 .dentry_open = selinux_dentry_open,
4847
4797 .task_create = selinux_task_create, 4848 .task_create = selinux_task_create,
4798 .task_alloc_security = selinux_task_alloc_security, 4849 .task_alloc_security = selinux_task_alloc_security,
4799 .task_free_security = selinux_task_free_security, 4850 .task_free_security = selinux_task_free_security,
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index e145f6e13b0..553607a19e9 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -112,6 +112,8 @@ int avc_has_perm(u32 ssid, u32 tsid,
112 u16 tclass, u32 requested, 112 u16 tclass, u32 requested,
113 struct avc_audit_data *auditdata); 113 struct avc_audit_data *auditdata);
114 114
115u32 avc_policy_seqno(void);
116
115#define AVC_CALLBACK_GRANT 1 117#define AVC_CALLBACK_GRANT 1
116#define AVC_CALLBACK_TRY_REVOKE 2 118#define AVC_CALLBACK_TRY_REVOKE 2
117#define AVC_CALLBACK_REVOKE 4 119#define AVC_CALLBACK_REVOKE 4
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 91b88f0ba20..642a9fd319a 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -53,6 +53,8 @@ struct file_security_struct {
53 struct file *file; /* back pointer to file object */ 53 struct file *file; /* back pointer to file object */
54 u32 sid; /* SID of open file description */ 54 u32 sid; /* SID of open file description */
55 u32 fown_sid; /* SID of file owner (for SIGIO) */ 55 u32 fown_sid; /* SID of file owner (for SIGIO) */
56 u32 isid; /* SID of inode at the time of file open */
57 u32 pseqno; /* Policy seqno at the time of file open */
56}; 58};
57 59
58struct superblock_security_struct { 60struct superblock_security_struct {