]> Pileus Git - ~andy/linux/blobdiff - security/selinux/include/avc.h
projects / ~andy / linux / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SELinux: do not allocate stack space for AVC data unless needed
[~andy/linux] / security / selinux / include / avc.h
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 09c3eda1212839624746c4cf20ff5c01e996d53f..1931370233d7b2123dad2947c930c0ecb9722ac5 100644 (file)
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -46,19 +46,29 @@ struct avc_cache_stats {
        unsigned int frees;
 };
 
-struct selinux_audit_data {
+/*
+ * We only need this data after we have decided to send an audit message.
+ */
+struct selinux_late_audit_data {
        u32 ssid;
        u32 tsid;
        u16 tclass;
        u32 requested;
        u32 audited;
        u32 denied;
+       int result;
+};
+
+/*
+ * We collect this at the beginning or during an selinux security operation
+ */
+struct selinux_audit_data {
        /*
         * auditdeny is a bit tricky and unintuitive.  See the
         * comments in avc.c for it's meaning and usage.
         */
        u32 auditdeny;
-       int result;
+       struct selinux_late_audit_data *slad;
 };
 
 /*
Andy's Linux Kernel repo