path: root/security/selinux/include/objsec.h
diff options
authorPaul Moore <paul.moore@hp.com>2008-04-10 10:48:14 -0400
committerJames Morris <jmorris@namei.org>2008-04-18 20:26:16 +1000
commit3e11217263d0521e212cb8a017fbc2a1514db78f (patch)
treed3b399c3d907cd90afd27003000fd9d99212f44b /security/selinux/include/objsec.h
parent832cbd9aa1293cba57d06571f5fc8f0917c672af (diff)
SELinux: Add network port SID cache
Much like we added a network node cache, this patch adds a network port cache. The design is taken almost completely from the network node cache which in turn was taken from the network interface cache. The basic idea is to cache entries in a hash table based on protocol/port information. The hash function only takes the port number into account since the number of different protocols in use at any one time is expected to be relatively small. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include/objsec.h')
1 files changed, 6 insertions, 0 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 957b10d0f76f..300b61bad7b3 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -103,6 +103,12 @@ struct netnode_security_struct {
u16 family; /* address family */
+struct netport_security_struct {
+ u32 sid; /* SID for this node */
+ u16 port; /* port number */
+ u8 protocol; /* transport protocol */
struct sk_security_struct {
u32 sid; /* SID of this object */
u32 peer_sid; /* SID of peer */