From 450bb255ca58136cf1b62c2efd9543e0bfa92d76 Mon Sep 17 00:00:00 2001
From: Sultan Alsawaf
Date: Wed, 17 Apr 2019 18:02:18 -0700
Subject: [PATCH] selinux: Remove audit dependency
Auditing comes with a lot of overhead due to string assembly via vsnprintf. It isn't actually needed to make SELinux work, so remove SELinux's artificial dependency on it to make it possible to use SELinux without the unneeded overhead.
Signed-off-by: Sultan Alsawaf
Change-Id: I26a7fc519a36b18defdbc05f74bdbefc57d04d1e
Signed-off-by: starlight5234
---
 include/linux/audit.h | 4 ++++
 include/linux/lsm_audit.h | 8 ++++++++
 security/selinux/Kconfig | 2 +-
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 9334fbef7bae..2858d233ac39 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -205,6 +205,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
 static inline void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { }
+static inline int audit_update_lsm_rules(void)
+{
+ return 0;
+}
 #define audit_enabled AUDIT_OFF
 #endif /* CONFIG_AUDIT */
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 915330abf6e5..7ae9dcf89578 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -117,8 +117,16 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
 int ipv6_skb_to_auditdata(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto);
+#ifdef CONFIG_AUDIT
 void common_lsm_audit(struct common_audit_data *a, void (*pre_audit)(struct audit_buffer *, void *), void (*post_audit)(struct audit_buffer *, void *));
+#else
+static inline void common_lsm_audit(struct common_audit_data *a,
+ void (*pre_audit)(struct audit_buffer *, void *),
+ void (*post_audit)(struct audit_buffer *, void *))
+{
+}
+#endif
 #endif
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index 8297e48a283d..2728517339a1 100644
--- a/security/selinux/Kconfig
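Review bot: The `#else` stub added to include/linux/lsm_audit.h turns `common_lsm_audit()` into a silent no-op, so with CONFIG_AUDIT off every caller's denial record is dropped without a trace, and nothing at the stub says so. I would put a comment directly above it, for example `/* !CONFIG_AUDIT: access decisions are still enforced, but nothing is logged. */`, so a later reader does not assume the denials are recorded elsewhere. The new guard also covers only this one function: the `ipv4_skb_to_auditdata()` and `ipv6_skb_to_auditdata()` prototypes just above it stay unconditional. If their definitions are built only when CONFIG_AUDIT is set (not visible in this patch), any remaining caller would fail at link time, so that is worth confirming or guarding the same way.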
+++ b/security/selinux/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 bool "NSA SELinux Support"
- depends on SECURITY_NETWORK && AUDIT && NET && INET
+ depends on SECURITY_NETWORK && NET && INET
 select NETWORK_SECMARK
 default n
 help
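Review bot: Dropping `AUDIT` from the `depends on` line allows a build in which SELinux enforces policy but records no access denials, and the option's help text is not updated to say so. Without those records there is nothing to drive permissive-mode policy work, denial-based alerting or post-incident review, so the trade-off should be visible when the kernel is configured. I would add a sentence to the help such as `If AUDIT is disabled, SELinux denials are enforced but not logged.`; the help body lies outside this hunk. A softer alternative that keeps the new flexibility is `imply AUDIT`, if the tree's Kconfig supports it, so logging stays on unless someone deliberately turns it off.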