SELinux: Allow NetLabel to directly cache SIDs

Now that the SELinux NetLabel "base SID" is always the netmsg initial SID we can do a big optimization - caching the SID and not just the MLS attributes. This not only saves a lot of per-packet memory allocations and copies but it has a nice side effect of removing a chunk of code. Signed-off-by: Paul Moore <[email protected]> Signed-off-by: James Morris <[email protected]>
author: Paul Moore <[email protected]> 2008-01-29 13:44:18 +0000
committer: James Morris <[email protected]> 2008-01-29 21:17:27 +0000
commit: 5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8 (patch)
tree: e1e028acaf0dd08cbcacd2c125f60230f820b442 /security/selinux/hooks.c
parent: SELinux: Enable dynamic enable/disable of the network access checks (diff)
download: kernel-5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8.tar.gz
kernel-5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8.zip
1 files changed, 1 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6156241c8770..c90e865a8603 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3468,11 +3468,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
 	u32 nlbl_type;
 
 	selinux_skb_xfrm_sid(skb, &xfrm_sid);
-	selinux_netlbl_skbuff_getsid(skb,
-				     family,
-				     SECINITSID_NETMSG,
-				     &nlbl_type,
-				     &nlbl_sid);
+	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
 
 	if (security_net_peersid_resolve(nlbl_sid, nlbl_type,
 					 xfrm_sid,
author	Paul Moore <[email protected]>	2008-01-29 13:44:18 +0000
committer	James Morris <[email protected]>	2008-01-29 21:17:27 +0000
commit	5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8 (patch)
tree	e1e028acaf0dd08cbcacd2c125f60230f820b442 /security/selinux/hooks.c
parent	SELinux: Enable dynamic enable/disable of the network access checks (diff)
download	kernel-5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8.tar.gz kernel-5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8.zip