On Jan 12, 2015, at 10:30 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 01/07/2015 05:03 PM, John Brooks wrote: >> This function, based on murmurhash3, has much better distribution than >> the original. Using the current default of 4096 buckets, there are many >> fewer collisions: > > Thanks, this looks like a significant improvement for neverallow > checking. I'm trying to make sure I understand what if any implications > it has for other uses of the avtab, since the neverallow checker is > unusual in that it fully expands all entries. > > On Fedora 20 policy, checkpolicy -Mb > /etc/selinux/targeted/policy/policy.29 before and after this patch (with > avtabh_hash_eval called) shows: > > before.txt:rules: 101401 entries and 8169/8192 buckets used, longest > chain length 84 > betterhash.txt:rules: 101401 entries and 8192/8192 buckets used, > longest chain length 27 > > So that's a definite improvement. > > Could you amend your code to define constants for the various magic > values used above? Thanks. The magic values are nothing but magic from the original murmurhash3. They don’t have any useful names. I did remove ‘c1’ and ‘c2’ in favor of using their values inline, since each is only used once. Is that enough? (Also, sorry for my last mail to this list; it was butchered by my mail client. Hopefully this one works.) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
