diff options
| author | Steve Grubb <sgrubb@redhat.com> | 2006-04-03 14:06:13 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-05-01 06:09:53 -0400 |
| commit | 1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (patch) | |
| tree | c66a1c3be846e34f1aac5db640b7ccb8770e8a80 /include/linux/selinux.h | |
| parent | 3dc7e3153eddfcf7ba8b50628775ba516e5f759f (diff) | |
[PATCH] audit inode patch
Previously, we were gathering the context instead of the sid. Now in this patch,
we gather just the sid and convert to context only if an audit event is being
output.
This patch brings the performance hit from 146% down to 23%
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/selinux.h')
| -rw-r--r-- | include/linux/selinux.h | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h index 9d684b1728b0..84a6c7404687 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h | |||
| @@ -15,6 +15,7 @@ | |||
| 15 | 15 | ||
| 16 | struct selinux_audit_rule; | 16 | struct selinux_audit_rule; |
| 17 | struct audit_context; | 17 | struct audit_context; |
| 18 | struct inode; | ||
| 18 | 19 | ||
| 19 | #ifdef CONFIG_SECURITY_SELINUX | 20 | #ifdef CONFIG_SECURITY_SELINUX |
| 20 | 21 | ||
| @@ -76,6 +77,27 @@ void selinux_audit_set_callback(int (*callback)(void)); | |||
| 76 | */ | 77 | */ |
| 77 | void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid); | 78 | void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid); |
| 78 | 79 | ||
| 80 | /** | ||
| 81 | * selinux_ctxid_to_string - map a security context ID to a string | ||
| 82 | * @ctxid: security context ID to be converted. | ||
| 83 | * @ctx: address of context string to be returned | ||
| 84 | * @ctxlen: length of returned context string. | ||
| 85 | * | ||
| 86 | * Returns 0 if successful, -errno if not. On success, the context | ||
| 87 | * string will be allocated internally, and the caller must call | ||
| 88 | * kfree() on it after use. | ||
| 89 | */ | ||
| 90 | int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen); | ||
| 91 | |||
| 92 | /** | ||
| 93 | * selinux_get_inode_sid - get the inode's security context ID | ||
| 94 | * @inode: inode structure to get the sid from. | ||
| 95 | * @sid: pointer to security context ID to be filled in. | ||
| 96 | * | ||
| 97 | * Returns nothing | ||
| 98 | */ | ||
| 99 | void selinux_get_inode_sid(const struct inode *inode, u32 *sid); | ||
| 100 | |||
| 79 | #else | 101 | #else |
| 80 | 102 | ||
| 81 | static inline int selinux_audit_rule_init(u32 field, u32 op, | 103 | static inline int selinux_audit_rule_init(u32 field, u32 op, |
| @@ -107,6 +129,18 @@ static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid) | |||
| 107 | *ctxid = 0; | 129 | *ctxid = 0; |
| 108 | } | 130 | } |
| 109 | 131 | ||
| 132 | static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen) | ||
| 133 | { | ||
| 134 | *ctx = NULL; | ||
| 135 | *ctxlen = 0; | ||
| 136 | return 0; | ||
| 137 | } | ||
| 138 | |||
| 139 | static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid) | ||
| 140 | { | ||
| 141 | *sid = 0; | ||
| 142 | } | ||
| 143 | |||
| 110 | #endif /* CONFIG_SECURITY_SELINUX */ | 144 | #endif /* CONFIG_SECURITY_SELINUX */ |
| 111 | 145 | ||
| 112 | #endif /* _LINUX_SELINUX_H */ | 146 | #endif /* _LINUX_SELINUX_H */ |