diff options
author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-09-14 09:27:07 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-10-17 08:59:31 +1000 |
commit | 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch) | |
tree | cbe2d2a360aaf7dc243bef432e1c50507ae6db7b /security/selinux/avc.c | |
parent | 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff) | |
download | lwn-788e7dd4c22e6f41b3a118fd8c291f831f6fddbb.tar.gz lwn-788e7dd4c22e6f41b3a118fd8c291f831f6fddbb.zip |
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check. A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.
(see http://marc.info/?l=selinux&m=118972995207740&w=2)
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/avc.c')
-rw-r--r-- | security/selinux/avc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 0e69adf63bdb..81b3dff3cbf0 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -916,3 +916,8 @@ int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); return rc; } + +u32 avc_policy_seqno(void) +{ + return avc_cache.latest_notif; +} |