SELinux: Improve read/write performance

It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
author: Yuichi Nakamura <ynakam@hitachisoft.jp> 2007-09-13 20:27:07 -0400
committer: James Morris <jmorris@namei.org> 2007-10-16 18:59:31 -0400
commit: 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch)
tree: cbe2d2a360aaf7dc243bef432e1c50507ae6db7b /security/selinux/hooks.c
parent: 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff)
1 files changed, 52 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cf76150e623e..97b7e2738097 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -14,6 +14,8 @@
 *                          <dgoeddel@trustedcs.com>
 *  Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
 *                     Paul Moore, <paul.moore@hp.com>
+ *  Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
+ *                     Yuichi Nakamura <ynakam@hitachisoft.jp>
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License version 2,
@@ -2464,7 +2466,7 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t
 /* file security operations */
-static int selinux_file_permission(struct file *file, int mask)
+static int selinux_revalidate_file_permission(struct file *file, int mask)
 {
        int rc;
        struct inode *inode = file->f_path.dentry->d_inode;
@@ -2486,6 +2488,25 @@ static int selinux_file_permission(struct file *file, int mask)
        return selinux_netlbl_inode_permission(inode, mask);
 }
+static int selinux_file_permission(struct file *file, int mask)
+{
+        struct inode *inode = file->f_path.dentry->d_inode;
+        struct task_security_struct *tsec = current->security;
+        struct file_security_struct *fsec = file->f_security;
+        struct inode_security_struct *isec = inode->i_security;
+        if (!mask) {
+                /* No permission to check.  Existence test. */
+                return 0;
+        }
+        if (tsec->sid == fsec->sid && fsec->isid == isec->sid
+            && fsec->pseqno == avc_policy_seqno())
+                return selinux_netlbl_inode_permission(inode, mask);
+        return selinux_revalidate_file_permission(file, mask);
+}
 static int selinux_file_alloc_security(struct file *file)
 {
        return file_alloc_security(file);
@@ -2725,6 +2746,34 @@ static int selinux_file_receive(struct file *file)
        return file_has_perm(current, file, file_to_av(file));
 }
+static int selinux_dentry_open(struct file *file)
+{
+        struct file_security_struct *fsec;
+        struct inode *inode;
+        struct inode_security_struct *isec;
+        inode = file->f_path.dentry->d_inode;
+        fsec = file->f_security;
+        isec = inode->i_security;
+        /*
+         * Save inode label and policy sequence number
+         * at open-time so that selinux_file_permission
+         * can determine whether revalidation is necessary.
+         * Task label is already saved in the file security
+         * struct as its SID.
+         */
+        fsec->isid = isec->sid;
+        fsec->pseqno = avc_policy_seqno();
+        /*
+         * Since the inode label or policy seqno may have changed
+         * between the selinux_inode_permission check and the saving
+         * of state above, recheck that access is still permitted.
+         * Otherwise, access might never be revalidated against the
+         * new inode label or new policy.
+         * This check is not redundant - do not remove.
+         */
+        return inode_has_perm(current, inode, file_to_av(file), NULL);
+}
 /* task security operations */
 static int selinux_task_create(unsigned long clone_flags)
@@ -4794,6 +4843,8 @@ static struct security_operations selinux_ops = {
        .file_send_sigiotask =          selinux_file_send_sigiotask,
        .file_receive =                 selinux_file_receive,
+        .dentry_open =                  selinux_dentry_open,
        .task_create =                  selinux_task_create,
        .task_alloc_security =          selinux_task_alloc_security,
        .task_free_security =           selinux_task_free_security,
author	Yuichi Nakamura <ynakam@hitachisoft.jp>	2007-09-13 20:27:07 -0400
committer	James Morris <jmorris@namei.org>	2007-10-16 18:59:31 -0400
commit	788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch)
tree	cbe2d2a360aaf7dc243bef432e1c50507ae6db7b /security/selinux/hooks.c
parent	3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index cf76150e623e..97b7e2738097 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -14,6 +14,8 @@
14	* <dgoeddel@trustedcs.com>	14	* <dgoeddel@trustedcs.com>
15	* Copyright (C) 2006 Hewlett-Packard Development Company, L.P.	15	* Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
16	* Paul Moore, <paul.moore@hp.com>	16	* Paul Moore, <paul.moore@hp.com>
		17	* Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
		18	* Yuichi Nakamura <ynakam@hitachisoft.jp>
17	*	19	*
18	* This program is free software; you can redistribute it and/or modify	20	* This program is free software; you can redistribute it and/or modify
19	* it under the terms of the GNU General Public License version 2,	21	* it under the terms of the GNU General Public License version 2,
@@ -2464,7 +2466,7 @@ static int selinux_inode_listsecurity(struct inode inode, char buffer, size_t
2464		2466
2465	/* file security operations */	2467	/* file security operations */
2466		2468
2467	static int selinux_file_permission(struct file *file, int mask)	2469	static int selinux_revalidate_file_permission(struct file *file, int mask)
2468	{	2470	{
2469	int rc;	2471	int rc;
2470	struct inode *inode = file->f_path.dentry->d_inode;	2472	struct inode *inode = file->f_path.dentry->d_inode;
@@ -2486,6 +2488,25 @@ static int selinux_file_permission(struct file *file, int mask)
2486	return selinux_netlbl_inode_permission(inode, mask);	2488	return selinux_netlbl_inode_permission(inode, mask);
2487	}	2489	}
2488		2490
		2491	static int selinux_file_permission(struct file *file, int mask)
		2492	{
		2493	struct inode *inode = file->f_path.dentry->d_inode;
		2494	struct task_security_struct *tsec = current->security;
		2495	struct file_security_struct *fsec = file->f_security;
		2496	struct inode_security_struct *isec = inode->i_security;
		2497
		2498	if (!mask) {
		2499	/* No permission to check. Existence test. */
		2500	return 0;
		2501	}
		2502
		2503	if (tsec->sid == fsec->sid && fsec->isid == isec->sid
		2504	&& fsec->pseqno == avc_policy_seqno())
		2505	return selinux_netlbl_inode_permission(inode, mask);
		2506
		2507	return selinux_revalidate_file_permission(file, mask);
		2508	}
		2509
2489	static int selinux_file_alloc_security(struct file *file)	2510	static int selinux_file_alloc_security(struct file *file)
2490	{	2511	{
2491	return file_alloc_security(file);	2512	return file_alloc_security(file);
@@ -2725,6 +2746,34 @@ static int selinux_file_receive(struct file *file)
2725	return file_has_perm(current, file, file_to_av(file));	2746	return file_has_perm(current, file, file_to_av(file));
2726	}	2747	}
2727		2748
		2749	static int selinux_dentry_open(struct file *file)
		2750	{
		2751	struct file_security_struct *fsec;
		2752	struct inode *inode;
		2753	struct inode_security_struct *isec;
		2754	inode = file->f_path.dentry->d_inode;
		2755	fsec = file->f_security;
		2756	isec = inode->i_security;
		2757	/*
		2758	* Save inode label and policy sequence number
		2759	* at open-time so that selinux_file_permission
		2760	* can determine whether revalidation is necessary.
		2761	* Task label is already saved in the file security
		2762	* struct as its SID.
		2763	*/
		2764	fsec->isid = isec->sid;
		2765	fsec->pseqno = avc_policy_seqno();
		2766	/*
		2767	* Since the inode label or policy seqno may have changed
		2768	* between the selinux_inode_permission check and the saving
		2769	* of state above, recheck that access is still permitted.
		2770	* Otherwise, access might never be revalidated against the
		2771	* new inode label or new policy.
		2772	* This check is not redundant - do not remove.
		2773	*/
		2774	return inode_has_perm(current, inode, file_to_av(file), NULL);
		2775	}
		2776
2728	/* task security operations */	2777	/* task security operations */
2729		2778
2730	static int selinux_task_create(unsigned long clone_flags)	2779	static int selinux_task_create(unsigned long clone_flags)
@@ -4794,6 +4843,8 @@ static struct security_operations selinux_ops = {
4794	.file_send_sigiotask = selinux_file_send_sigiotask,	4843	.file_send_sigiotask = selinux_file_send_sigiotask,
4795	.file_receive = selinux_file_receive,	4844	.file_receive = selinux_file_receive,
4796		4845
		4846	.dentry_open = selinux_dentry_open,
		4847
4797	.task_create = selinux_task_create,	4848	.task_create = selinux_task_create,
4798	.task_alloc_security = selinux_task_alloc_security,	4849	.task_alloc_security = selinux_task_alloc_security,
4799	.task_free_security = selinux_task_free_security,	4850	.task_free_security = selinux_task_free_security,