1 files changed, 9 insertions, 3 deletions

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 732ea4a68682..b846c0387180 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -72,17 +72,20 @@ struct role_datum {
 
 struct role_trans {
         u32 role;               /* current role */
-        u32 type;               /* program executable type */
+        u32 type;               /* program executable type, or new object type */
+        u32 tclass;             /* process class, or new object class */
         u32 new_role;           /* new role */
         struct role_trans *next;
 };
 
 struct filename_trans {
-        struct filename_trans *next;
         u32 stype;              /* current process */
         u32 ttype;              /* parent dir context */
         u16 tclass;             /* class of new object */
         const char *name;       /* last path component */
+};
+
+struct filename_trans_datum {
         u32 otype;              /* expected of new object */
 };
 
@@ -227,7 +230,10 @@ struct policydb {
         struct role_trans *role_tr;
 
         /* file transitions with the last path component */
-        struct filename_trans *filename_trans;
+        /* quickly exclude lookups when parent ttype has no rules */
+        struct ebitmap filename_trans_ttypes;
+        /* actual set of filename_trans rules */
+        struct hashtab *filename_trans;
 
         /* bools indexed by (value - 1) */
         struct cond_bool_datum **bool_val_to_struct;