path: root/security/selinux/include
diff options
authorEric Paris <eparis@redhat.com>2012-04-03 09:38:00 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2012-04-03 09:49:41 -0700
commit3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09 (patch)
tree20a7485417c8528d975ef4ff6e90467f63f67ab2 /security/selinux/include
parentf8294f1144ad0630075918df4bf94075f5384604 (diff)
SELinux: do not allocate stack space for AVC data unless needed
Instead of declaring the entire selinux_audit_data on the stack when we start an operation on declare it on the stack if we are going to use it. We know it's usefulness at the end of the security decision and can declare it there. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux/include')
1 files changed, 12 insertions, 2 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 09c3eda12128..1931370233d7 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -46,19 +46,29 @@ struct avc_cache_stats {
unsigned int frees;
-struct selinux_audit_data {
+ * We only need this data after we have decided to send an audit message.
+ */
+struct selinux_late_audit_data {
u32 ssid;
u32 tsid;
u16 tclass;
u32 requested;
u32 audited;
u32 denied;
+ int result;
+ * We collect this at the beginning or during an selinux security operation
+ */
+struct selinux_audit_data {
* auditdeny is a bit tricky and unintuitive. See the
* comments in avc.c for it's meaning and usage.
u32 auditdeny;
- int result;
+ struct selinux_late_audit_data *slad;

Privacy Policy