forked from luck/tmp_suning_uos_patched
5007728980
Always hashing the string representation is inefficient. Just hash the contents of the structure directly (using jhash). If the context is invalid (str & len are set), then hash the string as before, otherwise hash the structured data. Since the context hashing function is now faster (about 10 times), this patch decreases the overhead of security_transition_sid(), which is called from many hooks. The jhash function seemed as a good choice, since it is used as the default hashing algorithm in rhashtable. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Jeff Vander Stoep <jeffv@google.com> Tested-by: Jeff Vander Stoep <jeffv@google.com> [PM: fixed some spelling errors in the comments pointed out by JVS] Signed-off-by: Paul Moore <paul@paul-moore.com>
40 lines
1019 B
C
40 lines
1019 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Implementation of the security services.
|
|
*
|
|
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
|
*/
|
|
#ifndef _SS_SERVICES_H_
|
|
#define _SS_SERVICES_H_
|
|
|
|
#include "policydb.h"
|
|
|
|
/* Mapping for a single class */
|
|
struct selinux_mapping {
|
|
u16 value; /* policy value for class */
|
|
unsigned int num_perms; /* number of permissions in class */
|
|
u32 perms[sizeof(u32) * 8]; /* policy values for permissions */
|
|
};
|
|
|
|
/* Map for all of the classes, with array size */
|
|
struct selinux_map {
|
|
struct selinux_mapping *mapping; /* indexed by class */
|
|
u16 size; /* array size of mapping */
|
|
};
|
|
|
|
struct selinux_ss {
|
|
struct sidtab *sidtab;
|
|
struct policydb policydb;
|
|
rwlock_t policy_rwlock;
|
|
u32 latest_granting;
|
|
struct selinux_map map;
|
|
} __randomize_layout;
|
|
|
|
void services_compute_xperms_drivers(struct extended_perms *xperms,
|
|
struct avtab_node *node);
|
|
|
|
void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
|
|
struct avtab_node *node);
|
|
|
|
#endif /* _SS_SERVICES_H_ */
|