selinux: Remove audit dependency

Auditing comes with a lot of overhead due to string assembly via vsnprintf. It isn't actually needed to make SELinux work, so remove SELinux's artificial dependency on it to make it possible to use SELinux without the unneeded overhead. Signed-off-by: Sultan Alsawaf <[email protected]> Signed-off-by: Lau <[email protected]> Signed-off-by: Cyber Knight <[email protected]>
danascape · Jun 19, 2022 · 4604b87 · 4604b87
1 parent 54c0714
commit 4604b87
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/include/linux/audit.h b/include/linux/audit.h
@@ -212,6 +212,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
 static inline void audit_log_task_info(struct audit_buffer *ab,
 				       struct task_struct *tsk)
 { }
+static inline int audit_update_lsm_rules(void)
+{
+	return 0;
+}
 #define audit_enabled 0
 #endif /* CONFIG_AUDIT */
 

diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
@@ -117,8 +117,16 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
 int ipv6_skb_to_auditdata(struct sk_buff *skb,
 		struct common_audit_data *ad, u8 *proto);
 
+#ifdef CONFIG_AUDIT
 void common_lsm_audit(struct common_audit_data *a,
 	void (*pre_audit)(struct audit_buffer *, void *),
 	void (*post_audit)(struct audit_buffer *, void *));
+#else
+static inline void common_lsm_audit(struct common_audit_data *a,
+	void (*pre_audit)(struct audit_buffer *, void *),
+	void (*post_audit)(struct audit_buffer *, void *))
+{
+}
+#endif
 
 #endif
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 	bool "NSA SELinux Support"
-	depends on SECURITY_NETWORK && AUDIT && NET && INET
+	depends on SECURITY_NETWORK && NET && INET
 	select NETWORK_SECMARK
 	default n
 	help