Message ID | 20240119014420.493814-2-paul@paul-moore.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | selinux: reduce the object class calculations at inode init time |
On Thu, Jan 18, 2024 at 8:44 PM Paul Moore <paul@paul-moore.com> wrote: > > We only need to call inode_mode_to_security_class() once in > selinux_inode_init_security(). > > Signed-off-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com> > --- > security/selinux/hooks.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 7c69ce62c106..9e59f9c80ca8 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2920,23 +2920,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, > struct superblock_security_struct *sbsec; > struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); > u32 newsid, clen; > + u16 newsclass; > int rc; > char *context; > > sbsec = selinux_superblock(dir->i_sb); > > newsid = tsec->create_sid; > - > - rc = selinux_determine_inode_label(tsec, dir, qstr, > - inode_mode_to_security_class(inode->i_mode), > - &newsid); > + newsclass = inode_mode_to_security_class(inode->i_mode); > + rc = selinux_determine_inode_label(tsec, dir, qstr, newsclass, &newsid); > if (rc) > return rc; > > /* Possibly defer initialization to selinux_complete_init. */ > if (sbsec->flags & SE_SBINITIALIZED) { > struct inode_security_struct *isec = selinux_inode(inode); > - isec->sclass = inode_mode_to_security_class(inode->i_mode); > + isec->sclass = newsclass; > isec->sid = newsid; > isec->initialized = LABEL_INITIALIZED; > } > -- > 2.43.0 > >
On Jan 18, 2024 Paul Moore <paul@paul-moore.com> wrote:
>
> We only need to call inode_mode_to_security_class() once in
> selinux_inode_init_security().
>
> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> ---
>  security/selinux/hooks.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)

Merged into selinux/dev, thanks Paul.

--
paul-moore.com
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7c69ce62c106..9e59f9c80ca8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2920,23 +2920,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, struct superblock_security_struct *sbsec; struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); u32 newsid, clen; + u16 newsclass; int rc; char *context; sbsec = selinux_superblock(dir->i_sb); newsid = tsec->create_sid; - - rc = selinux_determine_inode_label(tsec, dir, qstr, - inode_mode_to_security_class(inode->i_mode), - &newsid); + newsclass = inode_mode_to_security_class(inode->i_mode); + rc = selinux_determine_inode_label(tsec, dir, qstr, newsclass, &newsid); if (rc) return rc; /* Possibly defer initialization to selinux_complete_init. */ if (sbsec->flags & SE_SBINITIALIZED) { struct inode_security_struct *isec = selinux_inode(inode); - isec->sclass = inode_mode_to_security_class(inode->i_mode); + isec->sclass = newsclass; isec->sid = newsid; isec->initialized = LABEL_INITIALIZED; }
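Review bot: the new `u16 newsclass;` local feeds both selinux_determine_inode_label() and `isec->sclass`, but neither the return type of inode_mode_to_security_class() nor the type of `isec->sclass` is visible in this hunk, so it is worth confirming that all three are u16 and that no class value is truncated on the way through. The reuse itself looks behaviour-preserving from the lines shown: the only call between the two uses is selinux_determine_inode_label(), which is passed tsec, dir and qstr but not inode, so inode->i_mode is not changed through it. A sentence in the commit message saying that i_mode is stable across selinux_inode_init_security() would make that assumption explicit for later readers.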
We only need to call inode_mode_to_security_class() once in
selinux_inode_init_security().

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/selinux/hooks.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)