
Commit d4cf970d authored by Eric Paris's avatar Eric Paris

SELinux: move common_audit_data to a noinline slow path function



selinux_inode_has_perm is a hot path.  Instead of declaring the
common_audit_data on the stack move it to a noinline function only used in
the rare case we need to send an audit message.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 602a8dd6
+21 −11
@@ -2658,11 +2658,29 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
	return dentry_has_perm(cred, dentry, FILE__READ);
}

static int selinux_inode_permission(struct inode *inode, int mask)
static noinline int audit_inode_permission(struct inode *inode,
					   u32 perms, u32 audited, u32 denied,
					   unsigned flags)
{
	const struct cred *cred = current_cred();
	struct common_audit_data ad;
	struct selinux_audit_data sad = {0,};
	struct inode_security_struct *isec = inode->i_security;
	int rc;

	COMMON_AUDIT_DATA_INIT(&ad, INODE);
	ad.selinux_audit_data = &sad;
	ad.u.inode = inode;

	rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
			    audited, denied, &ad, flags);
	if (rc)
		return rc;
	return 0;
}

static int selinux_inode_permission(struct inode *inode, int mask)
{
	const struct cred *cred = current_cred();
	u32 perms;
	bool from_access;
	unsigned flags = mask & MAY_NOT_BLOCK;
@@ -2696,15 +2714,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
	if (likely(!audited))
		return rc;

	COMMON_AUDIT_DATA_INIT(&ad, INODE);
	ad.selinux_audit_data = &sad;
	ad.u.inode = inode;

	if (from_access)
		ad.selinux_audit_data->auditdeny |= FILE__AUDIT_ACCESS;

	rc2 = slow_avc_audit(sid, isec->sid, isec->sclass, perms,
			     audited, denied, &ad, flags);
	rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
	if (rc2)
		return rc2;
	return rc;
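Review bot: The `if (from_access) ad.selinux_audit_data->auditdeny |= FILE__AUDIT_ACCESS;` step that the old slow path ran before `slow_avc_audit()` has no counterpart in `audit_inode_permission()`, which does not take `from_access` at all, and the commit message describes the change only as moving `common_audit_data` off the hot path's stack. Whether dropping it is safe depends on how `audited` is computed, which happens in the part of `selinux_inode_permission()` outside these hunks: if FILE__AUDIT_ACCESS is already folded into `audited` there, the removed line was presumably dead, otherwise denials on the `from_access` path could stop producing audit records. Once confirmed, I would record it above the helper, for example `/* from_access/FILE__AUDIT_ACCESS is already accounted for in 'audited' by the caller */`. Separately, the helper's tail `if (rc) return rc; return 0;` can simply be `return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, audited, denied, &ad, flags);`, which also removes the local `rc`.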