linux/security
Stephen Smalley 2c3c05dbcb SELinux: allow preemption between transition permission checks
In security_get_user_sids, move the transition permission checks
outside of the section holding the policy rdlock, and use the AVC to
perform the checks, calling cond_resched after each one.  These
changes should allow preemption between the individual checks and
enable caching of the results.  It may however increase the overall
time spent in the function in some cases, particularly in the cache
miss case.

The long term fix will be to take much of this logic to userspace by
exporting additional state via selinuxfs, and ultimately deprecating
and eliminating this interface from the kernel.

Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2007-07-11 22:52:25 -04:00
..
keys [AF_RXRPC]: Key facility changes for AF_RXRPC 2007-04-26 15:46:23 -07:00
selinux SELinux: allow preemption between transition permission checks 2007-07-11 22:52:25 -04:00
capability.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
commoncap.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dummy.c [PATCH] sanitize security_getprocattr() API 2007-03-14 15:27:48 -07:00
inode.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
Kconfig [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
Makefile [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
security.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00