Converting a valid context to string and hashing that is inefficient because the conversion is slow. Instead we can hash the stucture contents directly, which is about 10 times faster. After that, it is possible to move the hashing under sidtab.c, which avoids the complexity of calling context_add_hash() all over the place. Changes in v3: - fix copyright year in ss/context.c (for real this time) - move explanation of valid vs. invalid context hashing from commit msg to the code Changes in v2: - extract mls hashing into mls_range_hash() and put it in mls.h - move some changes from patch 1 into patch 2 Ondrej Mosnacek (2): selinux: hash context structure directly selinux: move context hashing under sidtab security/selinux/Makefile | 2 +- security/selinux/ss/context.c | 32 +++++++++++++ security/selinux/ss/context.h | 11 +---- security/selinux/ss/ebitmap.c | 14 ++++++ security/selinux/ss/ebitmap.h | 1 + security/selinux/ss/mls.h | 11 +++++ security/selinux/ss/policydb.c | 5 -- security/selinux/ss/services.c | 86 ++++++++++------------------------ security/selinux/ss/services.h | 3 -- security/selinux/ss/sidtab.c | 32 ++++++++----- security/selinux/ss/sidtab.h | 1 + 11 files changed, 107 insertions(+), 91 deletions(-) create mode 100644 security/selinux/ss/context.c -- 2.25.2
