selinux: Remove audit dependency

Auditing comes with a lot of overhead due to string assembly via vsnprintf. It isn't actually needed to make SELinux work, so remove SELinux's artificial dependency on it to make it possible to use SELinux without the unneeded overhead. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Change-Id: I26a7fc519a36b18defdbc05f74bdbefc57d04d1e Signed-off-by: starlight5234 <starlight5234@protonmail.ch>
2019-04-17 18:02:18 -07:00 · 2019-04-17 18:02:18 -07:00 · 450bb255ca
commit 450bb255ca
parent cd42298e3e
3 changed files with 13 additions and 1 deletions
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@ -205,6 +205,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
 static inline void audit_log_task_info(struct audit_buffer *ab,
 				       struct task_struct *tsk)
 { }
+static inline int audit_update_lsm_rules(void)
+{
+	return 0;
+}
 #define audit_enabled AUDIT_OFF
 #endif /* CONFIG_AUDIT */

--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@ -117,8 +117,16 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
 int ipv6_skb_to_auditdata(struct sk_buff *skb,
 		struct common_audit_data *ad, u8 *proto);

+#ifdef CONFIG_AUDIT
 void common_lsm_audit(struct common_audit_data *a,
 	void (*pre_audit)(struct audit_buffer *, void *),
 	void (*post_audit)(struct audit_buffer *, void *));
+#else
+static inline void common_lsm_audit(struct common_audit_data *a,
+	void (*pre_audit)(struct audit_buffer *, void *),
+	void (*post_audit)(struct audit_buffer *, void *))
+{
+}
+#endif

 #endif
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 	bool "NSA SELinux Support"
-	depends on SECURITY_NETWORK && AUDIT && NET && INET
+	depends on SECURITY_NETWORK && NET && INET
 	select NETWORK_SECMARK
 	default n
 	help