diff options
author | Eric Paris <eparis@redhat.com> | 2009-02-12 20:50:54 +0100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-02-13 23:23:08 +0100 |
commit | f1c6381a6e337adcecf84be2a838bd9e610e2365 (patch) | |
tree | a6e0857db27a38b0976fb422836f9443241b4b61 /security/selinux/ss/services.c | |
parent | SELinux: more careful use of avd in avc_has_perm_noaudit (diff) | |
download | linux-f1c6381a6e337adcecf84be2a838bd9e610e2365.tar.xz linux-f1c6381a6e337adcecf84be2a838bd9e610e2365.zip |
SELinux: remove unused av.decided field
It appears there was an intention to have the security server only decide
certain permissions and leave other for later as some sort of a portential
performance win. We are currently always deciding all 32 bits of
permissions and this is a useless couple of branches and wasted space.
This patch completely drops the av.decided concept.
This in a 17% reduction in the time spent in avc_has_perm_noaudit
based on oprofile sampling of a tbench benchmark.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r-- | security/selinux/ss/services.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index c65e4fe4a0f1..deeec6c013ae 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -407,7 +407,6 @@ static int context_struct_compute_av(struct context *scontext, * Initialize the access vectors to the default values. */ avd->allowed = 0; - avd->decided = 0xffffffff; avd->auditallow = 0; avd->auditdeny = 0xffffffff; avd->seqno = latest_granting; @@ -743,7 +742,6 @@ int security_compute_av(u32 ssid, if (!ss_initialized) { avd->allowed = 0xffffffff; - avd->decided = 0xffffffff; avd->auditallow = 0; avd->auditdeny = 0xffffffff; avd->seqno = latest_granting; |