User: Cache users.

2025-03-18 08:35:19 +00:00 · 2018-08-08 14:39:42 -04:00 · 2018-08-08 14:39:42 -04:00 · 40b9f2473e
commit 40b9f2473e
parent 8156e809b8
1 changed files with 22 additions and 14 deletions
--- a/setools/policyrep/user.pxi
+++ b/setools/policyrep/user.pxi
@ -18,6 +18,9 @@
 # <http://www.gnu.org/licenses/>.
 #

+cdef dict _user_cache = {}
+
+
 cdef class User(PolicySymbol):

    """A user."""
@ -32,23 +35,28 @@ cdef class User(PolicySymbol):
    @staticmethod
    cdef inline User factory(SELinuxPolicy policy, sepol.user_datum_t *symbol):
        """Factory function for constructing User objects."""
-        cdef User u = User.__new__(User)
-        u.policy = policy
-        u.key = <uintptr_t>symbol
-        u.name = policy.user_value_to_name(symbol.s.value - 1)
+        cdef User u
+        try:
+            return _user_cache[<uintptr_t>symbol]
+        except KeyError:
+            u = User.__new__(User)
+            _user_cache[<uintptr_t>symbol] = u
+            u.policy = policy
+            u.key = <uintptr_t>symbol
+            u.name = policy.user_value_to_name(symbol.s.value - 1)

-        # object_r is implicitly added to all roles by the compiler.
-        # technically it is incorrect to skip it, but policy writers
-        # and analysts don't expect to see it in results, and it
-        # will confuse, especially for role set equality user queries.
-        u.roles = frozenset(r for r in RoleEbitmapIterator.factory(policy, &symbol.roles.roles)
-                   if r != "object_r")
+            # object_r is implicitly added to all roles by the compiler.
+            # technically it is incorrect to skip it, but policy writers
+            # and analysts don't expect to see it in results, and it
+            # will confuse, especially for role set equality user queries.
+            u.roles = frozenset(r for r in RoleEbitmapIterator.factory(policy, &symbol.roles.roles)
+                       if r != "object_r")

-        if policy.mls:
-            u._level = Level.factory(policy, &symbol.exp_dfltlevel)
-            u._range = Range.factory(policy, &symbol.exp_range)
+            if policy.mls:
+                u._level = Level.factory(policy, &symbol.exp_dfltlevel)
+                u._range = Range.factory(policy, &symbol.exp_range)

-        return u
+            return u

    def __str__(self):
        return self.name