SELinux: remove unused av.decided field It appears there was an intention to have the security server only decide certain permissions and leave other for later as some sort of a portential performance win. We are currently always deciding all 32 bits of permissions and this is a useless couple of branches and wasted space. This patch completely drops the av.decided concept. This in a 17% reduction in the time spent in avc_has_perm_noaudit based on oprofile sampling of a tbench benchmark. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Paul Moore <paul.moore@hp.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: f1c6381a6e337adcecf84be2a838bd9e610e2365 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Thu Feb 12 14:50:54 2009 -0500
committer: James Morris <jmorris@namei.org> Sat Feb 14 09:23:08 2009 +1100
tree: a6e0857db27a38b0976fb422836f9443241b4b61
parent: 21193dcd1f3570ddfd8a04f4465e484c1f94252f [diff] [blame]
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 01ec6d2..d3c8b98 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c

@@ -595,7 +595,7 @@
 
 	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
 			  "%x %x %x %x %u",
-			  avd.allowed, avd.decided,
+			  avd.allowed, 0xffffffff,
 			  avd.auditallow, avd.auditdeny,
 			  avd.seqno);
 out2:
commit	f1c6381a6e337adcecf84be2a838bd9e610e2365	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Thu Feb 12 14:50:54 2009 -0500
committer	James Morris <jmorris@namei.org>	Sat Feb 14 09:23:08 2009 +1100
tree	a6e0857db27a38b0976fb422836f9443241b4b61
parent	21193dcd1f3570ddfd8a04f4465e484c1f94252f [diff] [blame]