diff options
| author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2025-05-21 10:41:23 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2025-06-19 17:23:04 -0400 |
| commit | 1106896146d8711fdc899e6fc792e1d01f9b9f15 (patch) | |
| tree | 15902e6e531166619f1184b9a30da1cdbd1fd0c8 /scripts/lib/kdoc/kdoc_parser.py | |
| parent | 17bd3c01667aafaa267e64be70f9627e287ec210 (diff) | |
selinux: introduce neveraudit types
Introduce neveraudit types i.e. types that should never trigger
audit messages. This allows the AVC to skip all audit-related
processing for such types. Note that neveraudit differs from
dontaudit not only wrt being applied for all checks with a given
source type but also in that it disables all auditing, not just
permission denials.
When a type is both a permissive type and a neveraudit type,
the security server can short-circuit the security_compute_av()
logic, allowing all permissions and not auditing any permissions.
This change just introduces the basic support but does not yet
further optimize the AVC or hook function logic when a type
is both a permissive type and a dontaudit type.
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_parser.py')
0 files changed, 0 insertions, 0 deletions