SELinux: Improve read/write performance It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb [log] [tgz]
author: Yuichi Nakamura <ynakam@hitachisoft.jp> Fri Sep 14 09:27:07 2007 +0900
committer: James Morris <jmorris@namei.org> Wed Oct 17 08:59:31 2007 +1000
tree: cbe2d2a360aaf7dc243bef432e1c50507ae6db7b
parent: 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 [diff] [blame]
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 91b88f0..642a9fd 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h

@@ -53,6 +53,8 @@
 	struct file *file;              /* back pointer to file object */
 	u32 sid;              /* SID of open file description */
 	u32 fown_sid;         /* SID of file owner (for SIGIO) */
+	u32 isid;             /* SID of inode at the time of file open */
+	u32 pseqno;           /* Policy seqno at the time of file open */
 };
 
 struct superblock_security_struct {
commit	788e7dd4c22e6f41b3a118fd8c291f831f6fddbb	[log] [tgz]
author	Yuichi Nakamura <ynakam@hitachisoft.jp>	Fri Sep 14 09:27:07 2007 +0900
committer	James Morris <jmorris@namei.org>	Wed Oct 17 08:59:31 2007 +1000
tree	cbe2d2a360aaf7dc243bef432e1c50507ae6db7b
parent	3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 [diff] [blame]