diff options
| author | Stephen Smalley <[email protected]> | 2025-05-21 14:41:23 +0000 |
|---|---|---|
| committer | Paul Moore <[email protected]> | 2025-06-19 21:23:04 +0000 |
| commit | 1106896146d8711fdc899e6fc792e1d01f9b9f15 (patch) | |
| tree | 15902e6e531166619f1184b9a30da1cdbd1fd0c8 /lib/crypto/mpi/mpi-cmp.c | |
| parent | documentation: add links to SELinux resources (diff) | |
| download | kernel-1106896146d8711fdc899e6fc792e1d01f9b9f15.tar.gz kernel-1106896146d8711fdc899e6fc792e1d01f9b9f15.zip | |
selinux: introduce neveraudit types
Introduce neveraudit types i.e. types that should never trigger
audit messages. This allows the AVC to skip all audit-related
processing for such types. Note that neveraudit differs from
dontaudit not only wrt being applied for all checks with a given
source type but also in that it disables all auditing, not just
permission denials.
When a type is both a permissive type and a neveraudit type,
the security server can short-circuit the security_compute_av()
logic, allowing all permissions and not auditing any permissions.
This change just introduces the basic support but does not yet
further optimize the AVC or hook function logic when a type
is both a permissive type and a dontaudit type.
Suggested-by: Paul Moore <[email protected]>
Signed-off-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Diffstat (limited to 'lib/crypto/mpi/mpi-cmp.c')
0 files changed, 0 insertions, 0 deletions