@@ -23,6 +23,12 @@ config FLASK
If unsure, say N.
+config FLASK_AVC_STATS
+ def_bool y
+ depends on FLASK
+ ---help---
+ Maintain statistics on the access vector cache
+
# Select HAS_DEVICE_TREE if device tree is supported
config HAS_DEVICE_TREE
bool
@@ -78,11 +78,6 @@
#define __STR(...) #__VA_ARGS__
#define STR(...) __STR(__VA_ARGS__)
-#ifdef CONFIG_FLASK
-/* Maintain statistics on the access vector cache */
-#define FLASK_AVC_STATS 1
-#endif
-
/* allow existing code to work with Kconfig variable */
#define NR_CPUS CONFIG_NR_CPUS
@@ -56,7 +56,7 @@ const struct selinux_class_perm selinux_class_perm = {
#define AVC_DEF_CACHE_THRESHOLD 512
#define AVC_CACHE_RECLAIM 16
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
#define avc_cache_stats_incr(field) \
do { \
__get_cpu_var(avc_cache_stats).field++; \
@@ -101,7 +101,7 @@ struct avc_callback_node {
/* Exported via Flask hypercall */
unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif
@@ -469,7 +469,7 @@ static int flask_security_make_bools(void)
return ret;
}
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
{
@@ -761,7 +761,7 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
rv = avc_get_hash_stats(&op.u.hash_stats);
break;
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
case FLASK_AVC_CACHESTATS:
rv = flask_security_avc_cachestats(&op.u.cache_stats);
break;
@@ -108,7 +108,7 @@ struct xen_flask_hash_stats;
int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
extern unsigned int avc_cache_threshold;
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif