summaryrefslogtreecommitdiffstats
path: root/security/selinux/include
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-04-03 09:37:02 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2012-04-03 09:48:40 -0700
commit3b3b0e4fc15efa507b902d90cea39e496a523c3b (patch)
treed7b91c21ad6c6f4ac21dd51297b74eec47c61684 /security/selinux/include
parent95694129b43165911dc4e8a972f0d39ad98d86be (diff)
downloadop-kernel-dev-3b3b0e4fc15efa507b902d90cea39e496a523c3b.zip
op-kernel-dev-3b3b0e4fc15efa507b902d90cea39e496a523c3b.tar.gz
LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/avc.h16
1 files changed, 16 insertions, 0 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 005a91b..fa13f17 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -46,6 +46,22 @@ struct avc_cache_stats {
unsigned int frees;
};
+struct selinux_audit_data {
+ u32 ssid;
+ u32 tsid;
+ u16 tclass;
+ u32 requested;
+ u32 audited;
+ u32 denied;
+ /*
+ * auditdeny is a bit tricky and unintuitive. See the
+ * comments in avc.c for it's meaning and usage.
+ */
+ u32 auditdeny;
+ struct av_decision *avd;
+ int result;
+};
+
/*
* AVC operations
*/
OpenPOWER on IntegriCloud