Message ID | 20240608172142.138894-1-cgoettsche@seltendoof.de (mailing list archive) |
---|---|
State | Accepted |
Commit | 52e5c306f50a |
Delegated to: | Petr Lautrbach |
Series | [1/2] libsepol: move unchanged data out of loop | expand |
On Sat, Jun 8, 2024 at 1:21 PM Christian Göttsche <cgoettsche@seltendoof.de> wrote: > > From: Christian Göttsche <cgzones@googlemail.com> > > Perform the lookup whether the class is in the current scope once, and > not for every permission. > This also ensures the class is checked to be in the current scope if > there are no permissions attached. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/src/link.c | 38 ++++++++++++++++++-------------------- > 1 file changed, 18 insertions(+), 20 deletions(-) > > diff --git a/libsepol/src/link.c b/libsepol/src/link.c > index b8272308..a6f2a251 100644 > --- a/libsepol/src/link.c > +++ b/libsepol/src/link.c > @@ -1925,7 +1925,7 @@ static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *varg) > * Note that if a declaration had no requirement at all (e.g., an ELSE > * block) this returns 1. */ > static int is_decl_requires_met(link_state_t * state, > - avrule_decl_t * decl, > + const avrule_decl_t * decl, > struct missing_requirement *req) > { > /* (This algorithm is very unoptimized. It performs many > @@ -1933,9 +1933,9 @@ static int is_decl_requires_met(link_state_t * state, > * which symbols have been verified, so that they do not need > * to be re-checked.) */ > unsigned int i, j; > - ebitmap_t *bitmap; > - char *id, *perm_id; > - policydb_t *pol = state->base; > + const ebitmap_t *bitmap; > + const char *id, *perm_id; > + const policydb_t *pol = state->base; > ebitmap_node_t *node; > > /* check that all symbols have been satisfied */ 
> @@ -1961,27 +1961,25 @@ static int is_decl_requires_met(link_state_t * state, > } > /* check that all classes and permissions have been satisfied */ > for (i = 0; i < decl->required.class_perms_len; i++) { > + const class_datum_t *cladatum = pol->class_val_to_struct[i]; > + const scope_datum_t *scope; > + > + bitmap = &decl->required.class_perms_map[i]; > + id = pol->p_class_val_to_name[i]; > + > + > + scope = hashtab_search(state->base->p_classes_scope.table, id); > + if (scope == NULL) { > + ERR(state->handle, > + "Could not find scope information for class %s", > + id); > + return -1; > + } > > - bitmap = decl->required.class_perms_map + i; > ebitmap_for_each_positive_bit(bitmap, node, j) { > struct find_perm_arg fparg; > - class_datum_t *cladatum; > uint32_t perm_value = j + 1; > int rc; > - scope_datum_t *scope; > - > - id = pol->p_class_val_to_name[i]; > - cladatum = pol->class_val_to_struct[i]; > - > - scope = > - hashtab_search(state->base->p_classes_scope.table, > - id); > - if (scope == NULL) { > - ERR(state->handle, > - "Could not find scope information for class %s", > - id); > - return -1; > - } > > fparg.valuep = perm_value; > fparg.key = NULL; > -- > 2.45.1 > >
On Tue, Jun 11, 2024 at 2:27 PM James Carter <jwcart2@gmail.com> wrote: > > On Sat, Jun 8, 2024 at 1:21 PM Christian Göttsche > <cgoettsche@seltendoof.de> wrote: > > > > From: Christian Göttsche <cgzones@googlemail.com> > > > > Perform the lookup whether the class is in the current scope once, and > > not for every permission. > > This also ensures the class is checked to be in the current scope if > > there are no permissions attached. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > These two patches have been merged. Thanks, Jim > > --- > > libsepol/src/link.c | 38 ++++++++++++++++++-------------------- > > 1 file changed, 18 insertions(+), 20 deletions(-) > > > > diff --git a/libsepol/src/link.c b/libsepol/src/link.c > > index b8272308..a6f2a251 100644 > > --- a/libsepol/src/link.c > > +++ b/libsepol/src/link.c > > @@ -1925,7 +1925,7 @@ static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *varg) > > * Note that if a declaration had no requirement at all (e.g., an ELSE > > * block) this returns 1. */ > > static int is_decl_requires_met(link_state_t * state, > > - avrule_decl_t * decl, > > + const avrule_decl_t * decl, > > struct missing_requirement *req) > > { > > /* (This algorithm is very unoptimized. It performs many > > @@ -1933,9 +1933,9 @@ static int is_decl_requires_met(link_state_t * state, > > * which symbols have been verified, so that they do not need > > * to be re-checked.) */ > > unsigned int i, j; > > - ebitmap_t *bitmap; > > - char *id, *perm_id; > > - policydb_t *pol = state->base; > > + const ebitmap_t *bitmap; > > + const char *id, *perm_id; > > + const policydb_t *pol = state->base; > > ebitmap_node_t *node; > > > > /* check that all symbols have been satisfied */ 
> > @@ -1961,27 +1961,25 @@ static int is_decl_requires_met(link_state_t * state, > > } > > /* check that all classes and permissions have been satisfied */ > > for (i = 0; i < decl->required.class_perms_len; i++) { > > + const class_datum_t *cladatum = pol->class_val_to_struct[i]; > > + const scope_datum_t *scope; > > + > > + bitmap = &decl->required.class_perms_map[i]; > > + id = pol->p_class_val_to_name[i]; > > + > > + > > + scope = hashtab_search(state->base->p_classes_scope.table, id); > > + if (scope == NULL) { > > + ERR(state->handle, > > + "Could not find scope information for class %s", > > + id); > > + return -1; > > + } > > > > - bitmap = decl->required.class_perms_map + i; > > ebitmap_for_each_positive_bit(bitmap, node, j) { > > struct find_perm_arg fparg; > > - class_datum_t *cladatum; > > uint32_t perm_value = j + 1; > > int rc; > > - scope_datum_t *scope; > > - > > - id = pol->p_class_val_to_name[i]; > > - cladatum = pol->class_val_to_struct[i]; > > - > > - scope = > > - hashtab_search(state->base->p_classes_scope.table, > > - id); > > - if (scope == NULL) { > > - ERR(state->handle, > > - "Could not find scope information for class %s", > > - id); > > - return -1; > > - } > > > > fparg.valuep = perm_value; > > fparg.key = NULL; > > -- > > 2.45.1 > > > >
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
index b8272308..a6f2a251 100644
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@@ -1925,7 +1925,7 @@ static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *varg)
 * Note that if a declaration had no requirement at all (e.g., an ELSE
 * block) this returns 1. */
 static int is_decl_requires_met(link_state_t * state,
- avrule_decl_t * decl,
+ const avrule_decl_t * decl,
 struct missing_requirement *req)
 {
 /* (This algorithm is very unoptimized. It performs many
@@ -1933,9 +1933,9 @@ static int is_decl_requires_met(link_state_t * state,
 * which symbols have been verified, so that they do not need
 * to be re-checked.) */
 unsigned int i, j;
- ebitmap_t *bitmap;
- char *id, *perm_id;
- policydb_t *pol = state->base;
+ const ebitmap_t *bitmap;
+ const char *id, *perm_id;
+ const policydb_t *pol = state->base;
 ebitmap_node_t *node;
 
 /* check that all symbols have been satisfied */
@@ -1961,27 +1961,25 @@ static int is_decl_requires_met(link_state_t * state,
 }
 /* check that all classes and permissions have been satisfied */
 for (i = 0; i < decl->required.class_perms_len; i++) {
+ const class_datum_t *cladatum = pol->class_val_to_struct[i];
+ const scope_datum_t *scope;
+
+ bitmap = &decl->required.class_perms_map[i];
+ id = pol->p_class_val_to_name[i];
+
+
+ scope = hashtab_search(state->base->p_classes_scope.table, id);
+ if (scope == NULL) {
+ ERR(state->handle,
+ "Could not find scope information for class %s",
+ id);
+ return -1;
+ }
 
- bitmap = decl->required.class_perms_map + i;
 ebitmap_for_each_positive_bit(bitmap, node, j) {
 struct find_perm_arg fparg;
- class_datum_t *cladatum;
 uint32_t perm_value = j + 1;
 int rc;
- scope_datum_t *scope;
-
- id = pol->p_class_val_to_name[i];
- cladatum = pol->class_val_to_struct[i];
-
- scope =
- hashtab_search(state->base->p_classes_scope.table,
- id);
- if (scope == NULL) {
- ERR(state->handle,
- "Could not find scope information for class %s",
- id);
- return -1;
- }
 
 fparg.valuep = perm_value;
 fparg.key = NULL;
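Review bot: The hoisted lookups at the top of the `for` body now run for every `i` below `decl->required.class_perms_len`, including indices whose permission bitmap is empty, yet nothing in the hunk checks `i` against the base policy's class count or `id` against NULL before `pol->class_val_to_struct[i]` is read and `id` is handed to `hashtab_search`. Before this change those reads only happened when a permission bit was set, so unless a caller outside the hunk already guarantees the bound, a declaration whose `class_perms_len` exceeds the number of base classes would now index past both arrays on every pass. Consider a guard as the first statement of the loop body, for example `if (i >= pol->p_classes.nprim || pol->p_class_val_to_name[i] == NULL) return -1;` preceded by an `ERR` message, with `cladatum` assigned after the guard rather than in its declaration. As a style point, the two consecutive blank `+` lines before `scope = ...` could be one, and `state->base->p_classes_scope.table` could use the local `pol`. is_decl_requires_met starts and ends outside the hunk.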