commit 2463c26d50adc282d19317013ba0ff473823ca47
author Eric Paris <eparis@redhat.com> Thu Apr 28 15:11:21 2011 -0400
committer Eric Paris <eparis@redhat.com> Thu Apr 28 15:15:53 2011 -0400
tree e92438150bb380c0dc0867b00f1ae89f73646b2a
parent 3f058ef7787e1b48720622346de9a5317aeb749a

SELinux: put name based create rules in a hashtable

To shorten the list we need to run if filename trans rules exist for the type
of the given parent directory I put them in a hashtable.  Given the policy we
are expecting to use in Fedora this takes the worst case list run from about
5,000 entries to 17.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>

security/selinux/ss/services.c

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 6a22eae..e11b4b0 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1362,7 +1362,8 @@
 				  u32 stype, u32 ttype, u16 tclass,
 				  const char *objname)
 {
-	struct filename_trans *ft;
+	struct filename_trans ft;
+	struct filename_trans_datum *otype;
 
 	/*
 	 * Most filename trans rules are going to live in specific directories
@@ -1372,15 +1373,14 @@
 	if (!ebitmap_get_bit(&p->filename_trans_ttypes, ttype))
 		return;
 
-	for (ft = p->filename_trans; ft; ft = ft->next) {
-		if (ft->stype == stype &&
-		    ft->ttype == ttype &&
-		    ft->tclass == tclass &&
-		    !strcmp(ft->name, objname)) {
-			newcontext->type = ft->otype;
-			return;
-		}
-	}
+	ft.stype = stype;
+	ft.ttype = ttype;
+	ft.tclass = tclass;
+	ft.name = objname;
+
+	otype = hashtab_search(p->filename_trans, &ft);
+	if (otype)
+		newcontext->type = otype->otype;
 }
 
 static int security_compute_sid(u32 ssid,