commit 2f3e82d694d3d7a2db019db1bb63385fbc1066f3
author Stephen Smalley <sds@tycho.nsa.gov> Thu Jan 07 15:55:16 2010 -0500
committer James Morris <jmorris@namei.org> Mon Jan 25 08:29:05 2010 +1100
tree 9d99a883eb2ab097a3ff1ee4e1c9bf2fa851d832
parent 2457552d1e6f3183cd93f81c49a8da5fe8bb0e42

selinux: convert range transition list to a hashtab

Per https://bugzilla.redhat.com/show_bug.cgi?id=548145
there are sufficient range transition rules in modern (Fedora) policy to
make mls_compute_sid a significant factor on the shmem file setup path
due to the length of the range_tr list.  Replace the simple range_tr
list with a hashtab inside the security server to help mitigate this
problem.

Signed-off-by:  Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

security/selinux/ss/mls.c

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index e6654b5..443ae73 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -513,7 +513,8 @@
 		    u32 specified,
 		    struct context *newcontext)
 {
-	struct range_trans *rtr;
+	struct range_trans rtr;
+	struct mls_range *r;
 
 	if (!selinux_mls_enabled)
 		return 0;
@@ -521,15 +522,12 @@
 	switch (specified) {
 	case AVTAB_TRANSITION:
 		/* Look for a range transition rule. */
-		for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
-			if (rtr->source_type == scontext->type &&
-			    rtr->target_type == tcontext->type &&
-			    rtr->target_class == tclass) {
-				/* Set the range from the rule */
-				return mls_range_set(newcontext,
-						     &rtr->target_range);
-			}
-		}
+		rtr.source_type = scontext->type;
+		rtr.target_type = tcontext->type;
+		rtr.target_class = tclass;
+		r = hashtab_search(policydb.range_tr, &rtr);
+		if (r)
+			return mls_range_set(newcontext, r);
 		/* Fallthrough */
 	case AVTAB_CHANGE:
 		if (tclass == policydb.process_class)