diff options
| author | Ondrej Mosnacek <omosnace@redhat.com> | 2020-04-07 20:28:58 +0200 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2020-04-17 21:20:22 +0200 |
| commit | e67b2ec9f6171895e774f6543626913960e019df (patch) | |
| tree | e1520bce539fd62639ab310c6c9385522b48c73f /security/selinux/ss/policydb.h | |
| parent | selinux: drop unnecessary smp_load_acquire() call (diff) | |
| download | linux-e67b2ec9f6171895e774f6543626913960e019df.tar.xz linux-e67b2ec9f6171895e774f6543626913960e019df.zip | |
selinux: store role transitions in a hash table
Currently, they are stored in a linked list, which adds significant
overhead to security_transition_sid(). On Fedora, with 428 role
transitions in policy, converting this list to a hash table cuts down
its run time by about 50%. This was measured by running 'stress-ng --msg
1 --msg-ops 100000' under perf with and without this patch.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss/policydb.h')
| -rw-r--r-- | security/selinux/ss/policydb.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 72e2932fb12d..d3adb522d3f3 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -81,12 +81,14 @@ struct role_datum { struct ebitmap types; /* set of authorized types for role */ }; -struct role_trans { +struct role_trans_key { u32 role; /* current role */ u32 type; /* program executable type, or new object type */ u32 tclass; /* process class, or new object class */ +}; + +struct role_trans_datum { u32 new_role; /* new role */ - struct role_trans *next; }; struct filename_trans_key { @@ -261,7 +263,7 @@ struct policydb { struct avtab te_avtab; /* role transitions */ - struct role_trans *role_tr; + struct hashtab *role_tr; /* file transitions with the last path component */ /* quickly exclude lookups when parent ttype has no rules */ |