SELinux: Allow NetLabel to directly cache SIDs

Now that the SELinux NetLabel "base SID" is always the netmsg initial SID we can do a big optimization - caching the SID and not just the MLS attributes. This not only saves a lot of per-packet memory allocations and copies but it has a nice side effect of removing a chunk of code. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
2008-01-29 08:44:18 -05:00
parent d621d35e57
commit 5dbe1eb0cf
5 changed files with 55 additions and 134 deletions
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@ -48,7 +48,6 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,

 int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
 				 u16 family,
-				 u32 base_sid,
 				 u32 *type,
 				 u32 *sid);

@ -89,7 +88,6 @@ static inline void selinux_netlbl_sk_security_clone(

 static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
 					       u16 family,
-					       u32 base_sid,
 					       u32 *type,
 					       u32 *sid)
 {
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@ -124,7 +124,6 @@ int security_genfs_sid(const char *fstype, char *name, u16 sclass,

 #ifdef CONFIG_NETLABEL
 int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
-				   u32 base_sid,
 				   u32 *sid);

 int security_netlbl_sid_to_secattr(u32 sid,
@ -132,7 +131,6 @@ int security_netlbl_sid_to_secattr(u32 sid,
 #else
 static inline int security_netlbl_secattr_to_sid(
 					    struct netlbl_lsm_secattr *secattr,
-					    u32 base_sid,
 					    u32 *sid)
 {
 	return -EIDRM;