checkpolicy/0001-libsepol-checkpolicy-optimize-storage-of-filename-tr.patch

From 42ae834a7428c57f7b2a9f448adf4cf991fa3487 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Fri, 31 Jul 2020 13:10:34 +0200
Subject: [PATCH] libsepol,checkpolicy: optimize storage of filename
 transitions

In preparation to support a new policy format with a more optimal
representation of filename transition rules, this patch applies an
equivalent change from kernel commit c3a276111ea2 ("selinux: optimize
storage of filename transitions").

See the kernel commit's description [1] for the rationale behind this
representation. This change doesn't bring any measurable difference of
policy build performance (semodule -B) on Fedora.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/commit/?id=c3a276111ea2572399281988b3129683e2a6b60b

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 checkpolicy/policy_define.c | 49 ++++++++++---------------------------
 checkpolicy/test/dispol.c   | 20 ++++++++++-----
 2 files changed, 27 insertions(+), 42 deletions(-)

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index c6733fa469c5..395f62284e3c 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -3303,8 +3303,6 @@ int define_filename_trans(void)
 	ebitmap_t e_stypes, e_ttypes;
 	ebitmap_t e_tclasses;
 	ebitmap_node_t *snode, *tnode, *cnode;
-	filename_trans_t *ft;
-	filename_trans_datum_t *ftdatum;
 	filename_trans_rule_t *ftr;
 	type_datum_t *typdatum;
 	uint32_t otype;
@@ -3388,40 +3386,19 @@ int define_filename_trans(void)
 	ebitmap_for_each_positive_bit(&e_tclasses, cnode, c) {
 		ebitmap_for_each_positive_bit(&e_stypes, snode, s) {
 			ebitmap_for_each_positive_bit(&e_ttypes, tnode, t) {
-				ft = calloc(1, sizeof(*ft));
-				if (!ft) {
-					yyerror("out of memory");
-					goto bad;
-				}
-				ft->stype = s+1;
-				ft->ttype = t+1;
-				ft->tclass = c+1;
-				ft->name = strdup(name);
-				if (!ft->name) {
-					yyerror("out of memory");
-					goto bad;
-				}
-
-				ftdatum = hashtab_search(policydbp->filename_trans,
-							 (hashtab_key_t)ft);
-				if (ftdatum) {
-					yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
-						 name,
-						 policydbp->p_type_val_to_name[s],
-						 policydbp->p_type_val_to_name[t],
-						 policydbp->p_class_val_to_name[c]);
-					goto bad;
-				}
-
-				ftdatum = calloc(1, sizeof(*ftdatum));
-				if (!ftdatum) {
-					yyerror("out of memory");
-					goto bad;
-				}
-				rc = hashtab_insert(policydbp->filename_trans,
-						    (hashtab_key_t)ft,
-						    ftdatum);
-				if (rc) {
+				rc = policydb_filetrans_insert(
+					policydbp, s+1, t+1, c+1, name,
+					NULL, otype, NULL
+				);
+				if (rc != SEPOL_OK) {
+					if (rc == SEPOL_EEXIST) {
+						yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
+							name,
+							policydbp->p_type_val_to_name[s],
+							policydbp->p_type_val_to_name[t],
+							policydbp->p_class_val_to_name[c]);
+						goto bad;
+					}
 					yyerror("out of memory");
 					goto bad;
 				}
diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
index d72d9fb331cf..8785b7252824 100644
--- a/checkpolicy/test/dispol.c
+++ b/checkpolicy/test/dispol.c
@@ -335,17 +335,25 @@ static int filenametr_display(hashtab_key_t key,
 			      hashtab_datum_t datum,
 			      void *ptr)
 {
-	struct filename_trans *ft = (struct filename_trans *)key;
+	struct filename_trans_key *ft = (struct filename_trans_key *)key;
 	struct filename_trans_datum *ftdatum = datum;
 	struct filenametr_display_args *args = ptr;
 	policydb_t *p = args->p;
 	FILE *fp = args->fp;
+	ebitmap_node_t *node;
+	uint32_t bit;
+
+	do {
+		ebitmap_for_each_positive_bit(&ftdatum->stypes, node, bit) {
+			display_id(p, fp, SYM_TYPES, bit, "");
+			display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
+			display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
+			display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");
+			fprintf(fp, " %s\n", ft->name);
+		}
+		ftdatum = ftdatum->next;
+	} while (ftdatum);
 
-	display_id(p, fp, SYM_TYPES, ft->stype - 1, "");
-	display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
-	display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
-	display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");
-	fprintf(fp, " %s\n", ft->name);
 	return 0;
 }
 
-- 
2.29.0
Rebase on db0f2f382e31 at SELinuxProject - Optimize storage of filename transitions - Fix signed overflow caused by using (1 << 31) - 1 2020-11-01 13:36:16 +00:00			`From 42ae834a7428c57f7b2a9f448adf4cf991fa3487 Mon Sep 17 00:00:00 2001`
			`From: Ondrej Mosnacek <omosnace@redhat.com>`
			`Date: Fri, 31 Jul 2020 13:10:34 +0200`
			`Subject: [PATCH] libsepol,checkpolicy: optimize storage of filename`
			`transitions`

			`In preparation to support a new policy format with a more optimal`
			`representation of filename transition rules, this patch applies an`
			`equivalent change from kernel commit c3a276111ea2 ("selinux: optimize`
			`storage of filename transitions").`

			`See the kernel commit's description [1] for the rationale behind this`
			`representation. This change doesn't bring any measurable difference of`
			`policy build performance (semodule -B) on Fedora.`

			`[1] https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/commit/?id=c3a276111ea2572399281988b3129683e2a6b60b`

			`Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>`
			`---`
			`checkpolicy/policy_define.c \| 49 ++++++++++---------------------------`
			`checkpolicy/test/dispol.c \| 20 ++++++++++-----`
			`2 files changed, 27 insertions(+), 42 deletions(-)`

			`diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c`
			`index c6733fa469c5..395f62284e3c 100644`
			`--- a/checkpolicy/policy_define.c`
			`+++ b/checkpolicy/policy_define.c`
			`@@ -3303,8 +3303,6 @@ int define_filename_trans(void)`
			`ebitmap_t e_stypes, e_ttypes;`
			`ebitmap_t e_tclasses;`
			`ebitmap_node_t snode, tnode, *cnode;`
			`- filename_trans_t *ft;`
			`- filename_trans_datum_t *ftdatum;`
			`filename_trans_rule_t *ftr;`
			`type_datum_t *typdatum;`
			`uint32_t otype;`
			`@@ -3388,40 +3386,19 @@ int define_filename_trans(void)`
			`ebitmap_for_each_positive_bit(&e_tclasses, cnode, c) {`
			`ebitmap_for_each_positive_bit(&e_stypes, snode, s) {`
			`ebitmap_for_each_positive_bit(&e_ttypes, tnode, t) {`
			`- ft = calloc(1, sizeof(*ft));`
			`- if (!ft) {`
			`- yyerror("out of memory");`
			`- goto bad;`
			`- }`
			`- ft->stype = s+1;`
			`- ft->ttype = t+1;`
			`- ft->tclass = c+1;`
			`- ft->name = strdup(name);`
			`- if (!ft->name) {`
			`- yyerror("out of memory");`
			`- goto bad;`
			`- }`
			`-`
			`- ftdatum = hashtab_search(policydbp->filename_trans,`
			`- (hashtab_key_t)ft);`
			`- if (ftdatum) {`
			`- yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",`
			`- name,`
			`- policydbp->p_type_val_to_name[s],`
			`- policydbp->p_type_val_to_name[t],`
			`- policydbp->p_class_val_to_name[c]);`
			`- goto bad;`
			`- }`
			`-`
			`- ftdatum = calloc(1, sizeof(*ftdatum));`
			`- if (!ftdatum) {`
			`- yyerror("out of memory");`
			`- goto bad;`
			`- }`
			`- rc = hashtab_insert(policydbp->filename_trans,`
			`- (hashtab_key_t)ft,`
			`- ftdatum);`
			`- if (rc) {`
			`+ rc = policydb_filetrans_insert(`
			`+ policydbp, s+1, t+1, c+1, name,`
			`+ NULL, otype, NULL`
			`+ );`
			`+ if (rc != SEPOL_OK) {`
			`+ if (rc == SEPOL_EEXIST) {`
			`+ yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",`
			`+ name,`
			`+ policydbp->p_type_val_to_name[s],`
			`+ policydbp->p_type_val_to_name[t],`
			`+ policydbp->p_class_val_to_name[c]);`
			`+ goto bad;`
			`+ }`
			`yyerror("out of memory");`
			`goto bad;`
			`}`
			`diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c`
			`index d72d9fb331cf..8785b7252824 100644`
			`--- a/checkpolicy/test/dispol.c`
			`+++ b/checkpolicy/test/dispol.c`
			`@@ -335,17 +335,25 @@ static int filenametr_display(hashtab_key_t key,`
			`hashtab_datum_t datum,`
			`void *ptr)`
			`{`
			`- struct filename_trans ft = (struct filename_trans )key;`
			`+ struct filename_trans_key ft = (struct filename_trans_key )key;`
			`struct filename_trans_datum *ftdatum = datum;`
			`struct filenametr_display_args *args = ptr;`
			`policydb_t *p = args->p;`
			`FILE *fp = args->fp;`
			`+ ebitmap_node_t *node;`
			`+ uint32_t bit;`
			`+`
			`+ do {`
			`+ ebitmap_for_each_positive_bit(&ftdatum->stypes, node, bit) {`
			`+ display_id(p, fp, SYM_TYPES, bit, "");`
			`+ display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");`
			`+ display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");`
			`+ display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");`
			`+ fprintf(fp, " %s\n", ft->name);`
			`+ }`
			`+ ftdatum = ftdatum->next;`
			`+ } while (ftdatum);`

			`- display_id(p, fp, SYM_TYPES, ft->stype - 1, "");`
			`- display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");`
			`- display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");`
			`- display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");`
			`- fprintf(fp, " %s\n", ft->name);`
			`return 0;`
			`}`

			`--`
			`2.29.0`