linux/security/selinux/ss
Eric Paris 03a4c0182a SELinux: skip filename trans rules if ttype does not match parent dir
Right now we walk the filename trans rule list for every inode that is
created.  First passes at policy using this facility create around 5000
filename trans rules.  Running a list of 5000 entries every time is a bad
idea.  This patch adds a new ebitmap to policy which has a bit set for each
ttype that has at least 1 filename trans rule.  Thus when an inode is
created we can quickly determine if any rules exist for this parent
directory type and can skip the list if we know there is definitely no
relevant entry.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
2011-04-28 15:15:52 -04:00
avtab.c SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
avtab.h SELinux: Use dentry name in new object labeling 2011-02-01 11:12:30 -05:00
conditional.c selinux: return -ENOMEM when memory allocation fails 2011-01-24 11:35:47 +11:00
conditional.h SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
ebitmap.c SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
ebitmap.h security:selinux: kill unused MAX_AVTAB_HASH_MASK and ebitmap_startbit 2011-01-24 10:36:11 +11:00
hashtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
mls_types.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
mls.c SELinux: Socket retains creator role and MLS attribute 2011-03-03 15:19:43 -05:00
mls.h SELinux: Socket retains creator role and MLS attribute 2011-03-03 15:19:43 -05:00
policydb.c SELinux: skip filename trans rules if ttype does not match parent dir 2011-04-28 15:15:52 -04:00
policydb.h SELinux: skip filename trans rules if ttype does not match parent dir 2011-04-28 15:15:52 -04:00
services.c SELinux: skip filename trans rules if ttype does not match parent dir 2011-04-28 15:15:52 -04:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
sidtab.h selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
status.c selinux: fix up style problem on /selinux/status 2010-10-21 10:12:41 +11:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00