linux-sg2042/security/selinux/ss
Stephen Smalley 2c3c05dbcb SELinux: allow preemption between transition permission checks
In security_get_user_sids, move the transition permission checks
outside of the section holding the policy rdlock, and use the AVC to
perform the checks, calling cond_resched after each one.  These
changes should allow preemption between the individual checks and
enable caching of the results.  It may however increase the overall
time spent in the function in some cases, particularly in the cache
miss case.

The long term fix will be to take much of this logic to userspace by
exporting additional state via selinuxfs, and ultimately deprecating
and eliminating this interface from the kernel.

Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2007-07-11 22:52:25 -04:00
..
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
avtab.c Reassign printk levels in selinux kernel code 2007-02-26 14:43:07 -05:00
avtab.h [PATCH] selinux: Reduce memory use by avtab 2005-09-05 00:05:50 -07:00
conditional.c [PATCH] SELinux: convert to kzalloc 2005-10-30 17:37:11 -08:00
conditional.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h selinux: Delete mls_copy_context 2007-01-08 17:32:51 -05:00
ebitmap.c NetLabel: convert to an extensibile/sparse category bitmap 2006-12-02 21:31:36 -08:00
ebitmap.h NetLabel: convert to an extensibile/sparse category bitmap 2006-12-02 21:31:36 -08:00
hashtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
hashtab.h SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
mls.c selinux: Delete mls_copy_context 2007-01-08 17:32:51 -05:00
mls.h selinux: Delete mls_copy_context 2007-01-08 17:32:51 -05:00
mls_types.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
policydb.c selinux: introduce schedule points in policydb_destroy() 2007-07-11 22:52:23 -04:00
policydb.h [PATCH] selinux: add support for range transitions on object classes 2006-09-26 08:48:52 -07:00
services.c SELinux: allow preemption between transition permission checks 2007-07-11 22:52:25 -04:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c Reassign printk levels in selinux kernel code 2007-02-26 14:43:07 -05:00
sidtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
symtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00