leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
03a4c0182a
linux/security/selinux
History
Eric Paris 03a4c0182a SELinux: skip filename trans rules if ttype does not match parent dir 
Right now we walk to filename trans rule list for every inode that is
created.  First passes at policy using this facility creates around 5000
filename trans rules.  Running a list of 5000 entries every time is a bad
idea.  This patch adds a new ebitmap to policy which has a bit set for each
ttype that has at least 1 filename trans rule.  Thus when an inode is
created we can quickly determine if any rules exist for this parent
directory type and can skip the list if we know there is definitely no
relevant entry.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
2011-04-28 15:15:52 -04:00
..
include SELINUX: Make selinux cache VFS RCU walks safe 2011-04-25 16:24:41 -04:00
ss SELinux: skip filename trans rules if ttype does not match parent dir 2011-04-28 15:15:52 -04:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
avc.c LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE 2011-04-25 18:13:15 -04:00
exports.c secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
hooks.c LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH 2011-04-25 18:14:07 -04:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile selinux: change to new flag variable 2010-10-21 10:12:40 +11:00
netif.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
netlabel.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netlink.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netnode.c SELinux: silence build warning when !CONFIG_BUG 2011-04-25 10:18:27 -04:00
netport.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nlmsgtab.c SELinux: define permissions for DCB netlink messages 2010-12-16 12:50:17 -05:00
selinuxfs.c selinux: add type_transition with name extension support for selinuxfs 2011-04-01 17:13:23 -04:00
xfrm.c selinux: Fix check for xfrm selinux context algorithm 2011-02-25 15:00:44 -05:00