SELinux: Only store the network interface's ifindex

Instead of storing the packet's network interface name store the ifindex. This allows us to defer the need to lookup the net_device structure until the audit record is generated meaning that in the majority of cases we never need to bother with this at all. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Paul Moore <paul.moore@hp.com> 2008-01-29 08:38:10 -0500
committer: James Morris <jmorris@namei.org> 2008-01-29 16:17:22 -0500
commit: da5645a28a15aed2e541a814ecf9f7ffcd4c4673 (patch)
tree: 8cedccebd0e12308de30573ad593d703943e3cbb /security/selinux/hooks.c
parent: e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index be544332214c..1a1fa3f20ef0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3928,7 +3928,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
                family = PF_INET;
        AVC_AUDIT_DATA_INIT(&ad, NET);
-        ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";
+        ad.u.net.netif = skb->iif;
        ad.u.net.family = family;
        err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);
@@ -4259,7 +4259,7 @@ static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
        sksec = sk->sk_security;
        AVC_AUDIT_DATA_INIT(&ad, NET);
-        ad.u.net.netif = dev->name;
+        ad.u.net.netif = dev->ifindex;
        ad.u.net.family = family;
        err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);
author	Paul Moore <paul.moore@hp.com>	2008-01-29 08:38:10 -0500
committer	James Morris <jmorris@namei.org>	2008-01-29 16:17:22 -0500
commit	da5645a28a15aed2e541a814ecf9f7ffcd4c4673 (patch)
tree	8cedccebd0e12308de30573ad593d703943e3cbb /security/selinux/hooks.c
parent	e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index be544332214c..1a1fa3f20ef0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -3928,7 +3928,7 @@ static int selinux_socket_sock_rcv_skb(struct sock sk, struct sk_buff skb)
3928	family = PF_INET;	3928	family = PF_INET;
3929		3929
3930	AVC_AUDIT_DATA_INIT(&ad, NET);	3930	AVC_AUDIT_DATA_INIT(&ad, NET);
3931	ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";	3931	ad.u.net.netif = skb->iif;
3932	ad.u.net.family = family;	3932	ad.u.net.family = family;
3933		3933
3934	err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);	3934	err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);
@@ -4259,7 +4259,7 @@ static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
4259	sksec = sk->sk_security;	4259	sksec = sk->sk_security;
4260		4260
4261	AVC_AUDIT_DATA_INIT(&ad, NET);	4261	AVC_AUDIT_DATA_INIT(&ad, NET);
4262	ad.u.net.netif = dev->name;	4262	ad.u.net.netif = dev->ifindex;
4263	ad.u.net.family = family;	4263	ad.u.net.family = family;
4264		4264
4265	err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);	4265	err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);