Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2ad312d2 authored by Steve Grubb's avatar Steve Grubb Committed by Al Viro
Browse files

[PATCH] Audit Filter Performance 



While testing the watch performance, I noticed that selinux_task_ctxid()
was creeping into the results more than it should. Investigation showed
that the function call was being called whether it was needed or not. The
below patch fixes this.

Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 073115d6

kernel/auditsc.c

+7 −4
Original line number Diff line number Diff line
@@ -168,11 +168,9 @@ static int audit_filter_rules(struct task_struct *tsk, 
			      struct audit_context *ctx,

			      enum audit_state *state)

{

	int i, j;

	int i, j, need_sid = 1;

	u32 sid;



	selinux_task_ctxid(tsk, &sid);



	for (i = 0; i < rule->field_count; i++) {

		struct audit_field *f = &rule->fields[i];

		int result = 0;
@@ -271,11 +269,16 @@ static int audit_filter_rules(struct task_struct *tsk, 
			   match for now to avoid losing information that

			   may be wanted.   An error message will also be

			   logged upon error */

			if (f->se_rule)

			if (f->se_rule) {

				if (need_sid) {

					selinux_task_ctxid(tsk, &sid);

					need_sid = 0;

				}

				result = selinux_audit_rule_match(sid, f->type,

				                                  f->op,

				                                  f->se_rule,

				                                  ctx);

			}

			break;

		case AUDIT_ARG0:

		case AUDIT_ARG1: