commit 2463c26d50adc282d19317013ba0ff473823ca47
author Eric Paris <eparis@redhat.com> Thu Apr 28 15:11:21 2011 -0400
committer Eric Paris <eparis@redhat.com> Thu Apr 28 15:15:53 2011 -0400
tree e92438150bb380c0dc0867b00f1ae89f73646b2a
parent 3f058ef7787e1b48720622346de9a5317aeb749a

SELinux: put name based create rules in a hashtable

To shorten the list we need to run if filename trans rules exist for the type
of the given parent directory I put them in a hashtable.  Given the policy we
are expecting to use in Fedora this takes the worst case list run from about
5,000 entries to 17.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>

security/selinux/ss/policydb.h

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index f054a9d..b846c03 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -79,11 +79,13 @@
 };
 
 struct filename_trans {
-	struct filename_trans *next;
 	u32 stype;		/* current process */
 	u32 ttype;		/* parent dir context */
 	u16 tclass;		/* class of new object */
 	const char *name;	/* last path component */
+};
+
+struct filename_trans_datum {
 	u32 otype;		/* expected of new object */
 };
 
@@ -227,10 +229,11 @@
 	/* role transitions */
 	struct role_trans *role_tr;
 
+	/* file transitions with the last path component */
 	/* quickly exclude lookups when parent ttype has no rules */
 	struct ebitmap filename_trans_ttypes;
-	/* file transitions with the last path component */
-	struct filename_trans *filename_trans;
+	/* actual set of filename_trans rules */
+	struct hashtab *filename_trans;
 
 	/* bools indexed by (value - 1) */
 	struct cond_bool_datum **bool_val_to_struct;