SELinux: delay initialization of audit data in selinux_inode_permission
authorEric Paris <eparis@redhat.com>
Wed, 4 Apr 2012 19:01:42 +0000 (15:01 -0400)
committerEric Paris <eparis@redhat.com>
Mon, 9 Apr 2012 16:22:59 +0000 (12:22 -0400)
commit2e33405785d3eaec303c54b4a10afdebf3729da7
treef4c0d114503796e9f958341393e336f76a7eb6dd
parent154c50ca4eb9ae472f50b6a481213e21ead4457d
SELinux: delay initialization of audit data in selinux_inode_permission

We pay a rather large overhead initializing the common_audit_data.
Since we only need this information if we actually emit an audit
message there is little need to set it up in the hot path.  This patch
splits the functionality of avc_has_perm() into avc_has_perm_noaudit(),
avc_audit_required() and slow_avc_audit().  But we take care of setting
up to audit between required() and the actual audit call.  Thus saving
measurable time in a hot path.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/avc.h