diff options
author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:44:18 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:27 -0500 |
commit | 5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8 (patch) | |
tree | e1e028acaf0dd08cbcacd2c125f60230f820b442 /security/selinux/include | |
parent | d621d35e576aa20a0ddae8022c3810f38357c8ff (diff) |
SELinux: Allow NetLabel to directly cache SIDs
Now that the SELinux NetLabel "base SID" is always the netmsg initial SID we
can do a big optimization - caching the SID and not just the MLS attributes.
This not only saves a lot of per-packet memory allocations and copies but it
has a nice side effect of removing a chunk of code.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/netlabel.h | 2 | ||||
-rw-r--r-- | security/selinux/include/security.h | 2 |
2 files changed, 0 insertions, 4 deletions
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h index c8c05a6f298c..00a2809c8506 100644 --- a/security/selinux/include/netlabel.h +++ b/security/selinux/include/netlabel.h | |||
@@ -48,7 +48,6 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
48 | 48 | ||
49 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | 49 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
50 | u16 family, | 50 | u16 family, |
51 | u32 base_sid, | ||
52 | u32 *type, | 51 | u32 *type, |
53 | u32 *sid); | 52 | u32 *sid); |
54 | 53 | ||
@@ -89,7 +88,6 @@ static inline void selinux_netlbl_sk_security_clone( | |||
89 | 88 | ||
90 | static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | 89 | static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
91 | u16 family, | 90 | u16 family, |
92 | u32 base_sid, | ||
93 | u32 *type, | 91 | u32 *type, |
94 | u32 *sid) | 92 | u32 *sid) |
95 | { | 93 | { |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 9347e2daa8d4..23137c17f917 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
@@ -124,7 +124,6 @@ int security_genfs_sid(const char *fstype, char *name, u16 sclass, | |||
124 | 124 | ||
125 | #ifdef CONFIG_NETLABEL | 125 | #ifdef CONFIG_NETLABEL |
126 | int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | 126 | int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, |
127 | u32 base_sid, | ||
128 | u32 *sid); | 127 | u32 *sid); |
129 | 128 | ||
130 | int security_netlbl_sid_to_secattr(u32 sid, | 129 | int security_netlbl_sid_to_secattr(u32 sid, |
@@ -132,7 +131,6 @@ int security_netlbl_sid_to_secattr(u32 sid, | |||
132 | #else | 131 | #else |
133 | static inline int security_netlbl_secattr_to_sid( | 132 | static inline int security_netlbl_secattr_to_sid( |
134 | struct netlbl_lsm_secattr *secattr, | 133 | struct netlbl_lsm_secattr *secattr, |
135 | u32 base_sid, | ||
136 | u32 *sid) | 134 | u32 *sid) |
137 | { | 135 | { |
138 | return -EIDRM; | 136 | return -EIDRM; |