authorSteve Grubb <sgrubb@redhat.com>2006-04-03 14:06:13 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2006-05-01 06:09:53 -0400
commit1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (patch)
treec66a1c3be846e34f1aac5db640b7ccb8770e8a80 /include/linux
parent3dc7e3153eddfcf7ba8b50628775ba516e5f759f (diff)
[PATCH] audit inode patch
Previously, we were gathering the context instead of the sid. Now in this patch, we gather just the sid and convert to context only if an audit event is being output. This patch brings the performance hit from 146% down to 23%.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/selinux.h34
1 files changed, 34 insertions, 0 deletions
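--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -15,6 +15,7 @@
 
 struct selinux_audit_rule;
 struct audit_context;
+struct inode;
 
 #ifdef CONFIG_SECURITY_SELINUX
 
@@ -76,6 +77,27 @@ void selinux_audit_set_callback(int (*callback)(void));
  */
 void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);
 
+/**
+ * selinux_ctxid_to_string - map a security context ID to a string
+ * @ctxid: security context ID to be converted.
+ * @ctx: address of context string to be returned
+ * @ctxlen: length of returned context string.
+ *
+ * Returns 0 if successful, -errno if not. On success, the context
+ * string will be allocated internally, and the caller must call
+ * kfree() on it after use.
+ */
+int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);
+
+/**
+ * selinux_get_inode_sid - get the inode's security context ID
+ * @inode: inode structure to get the sid from.
+ * @sid: pointer to security context ID to be filled in.
+ *
+ * Returns nothing
+ */
+void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
+
 #else
 
 static inline int selinux_audit_rule_init(u32 field, u32 op,
@@ -107,6 +129,18 @@ static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
  *ctxid = 0;
 }
 
+static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
+{
+ *ctx = NULL;
+ *ctxlen = 0;
+ return 0;
+}
+
+static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
+{
+ *sid = 0;
+}
+
 #endif /* CONFIG_SECURITY_SELINUX */
 
 #endif /* _LINUX_SELINUX_H */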
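Review bot: The `!CONFIG_SECURITY_SELINUX` stub of `selinux_ctxid_to_string()` in the third hunk returns 0 with `*ctx = NULL` and `*ctxlen = 0`, while the kernel-doc added in the second hunk promises an allocated string on success. An audit caller that formats `ctx` with `%s` after a zero return would presumably emit a placeholder rather than a label, so the contract should say so, for example by adding ` * On success *@ctx may be NULL (and *@ctxlen 0) when SELinux is not built in; callers must check it before use.` The comment also does not say whether `@ctxlen` counts the terminating NUL or what `*ctx` holds on failure, which matters to a caller that calls kfree() unconditionally; the implementation is not on this page, so both need confirming there. The `selinux_get_inode_sid()` comment could likewise state that `*sid` is set to 0 when no SID is available, as the stub does.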