SELinux: put name based create rules in a hashtable

To shorten the list we need to run if filename trans rules exist for the type
of the given parent directory I put them in a hashtable.  Given the policy we
are expecting to use in Fedora this takes the worst case list run from about
5,000 entries to 17.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>

1 files changed, 6 insertions, 3 deletions

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index f054a9d4d114..b846c0387180 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -79,11 +79,13 @@ struct role_trans {
 };
 
 struct filename_trans {
-        struct filename_trans *next;
         u32 stype;              /* current process */
         u32 ttype;              /* parent dir context */
         u16 tclass;             /* class of new object */
         const char *name;       /* last path component */
+};
+
+struct filename_trans_datum {
         u32 otype;              /* expected of new object */
 };
 
@@ -227,10 +229,11 @@ struct policydb {
         /* role transitions */
         struct role_trans *role_tr;
 
+        /* file transitions with the last path component */
         /* quickly exclude lookups when parent ttype has no rules */
         struct ebitmap filename_trans_ttypes;
-        /* file transitions with the last path component */
-        struct filename_trans *filename_trans;
+        /* actual set of filename_trans rules */
+        struct hashtab *filename_trans;
 
         /* bools indexed by (value - 1) */
         struct cond_bool_datum **bool_val_to_struct;