libsepol: move unchanged data out of loop
Look up whether the class is in the current scope once per class, rather than once for every permission. This also ensures the class is checked to be in the current scope even if there are no permissions attached. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
parent
a3332e5741
commit
52e5c306f5
|
@ -1925,7 +1925,7 @@ static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *varg)
|
||||||
* Note that if a declaration had no requirement at all (e.g., an ELSE
|
* Note that if a declaration had no requirement at all (e.g., an ELSE
|
||||||
* block) this returns 1. */
|
* block) this returns 1. */
|
||||||
static int is_decl_requires_met(link_state_t * state,
|
static int is_decl_requires_met(link_state_t * state,
|
||||||
avrule_decl_t * decl,
|
const avrule_decl_t * decl,
|
||||||
struct missing_requirement *req)
|
struct missing_requirement *req)
|
||||||
{
|
{
|
||||||
/* (This algorithm is very unoptimized. It performs many
|
/* (This algorithm is very unoptimized. It performs many
|
||||||
|
@ -1933,9 +1933,9 @@ static int is_decl_requires_met(link_state_t * state,
|
||||||
* which symbols have been verified, so that they do not need
|
* which symbols have been verified, so that they do not need
|
||||||
* to be re-checked.) */
|
* to be re-checked.) */
|
||||||
unsigned int i, j;
|
unsigned int i, j;
|
||||||
ebitmap_t *bitmap;
|
const ebitmap_t *bitmap;
|
||||||
char *id, *perm_id;
|
const char *id, *perm_id;
|
||||||
policydb_t *pol = state->base;
|
const policydb_t *pol = state->base;
|
||||||
ebitmap_node_t *node;
|
ebitmap_node_t *node;
|
||||||
|
|
||||||
/* check that all symbols have been satisfied */
|
/* check that all symbols have been satisfied */
|
||||||
|
@ -1961,21 +1961,14 @@ static int is_decl_requires_met(link_state_t * state,
|
||||||
}
|
}
|
||||||
/* check that all classes and permissions have been satisfied */
|
/* check that all classes and permissions have been satisfied */
|
||||||
for (i = 0; i < decl->required.class_perms_len; i++) {
|
for (i = 0; i < decl->required.class_perms_len; i++) {
|
||||||
|
const class_datum_t *cladatum = pol->class_val_to_struct[i];
|
||||||
|
const scope_datum_t *scope;
|
||||||
|
|
||||||
bitmap = decl->required.class_perms_map + i;
|
bitmap = &decl->required.class_perms_map[i];
|
||||||
ebitmap_for_each_positive_bit(bitmap, node, j) {
|
|
||||||
struct find_perm_arg fparg;
|
|
||||||
class_datum_t *cladatum;
|
|
||||||
uint32_t perm_value = j + 1;
|
|
||||||
int rc;
|
|
||||||
scope_datum_t *scope;
|
|
||||||
|
|
||||||
id = pol->p_class_val_to_name[i];
|
id = pol->p_class_val_to_name[i];
|
||||||
cladatum = pol->class_val_to_struct[i];
|
|
||||||
|
|
||||||
scope =
|
|
||||||
hashtab_search(state->base->p_classes_scope.table,
|
scope = hashtab_search(state->base->p_classes_scope.table, id);
|
||||||
id);
|
|
||||||
if (scope == NULL) {
|
if (scope == NULL) {
|
||||||
ERR(state->handle,
|
ERR(state->handle,
|
||||||
"Could not find scope information for class %s",
|
"Could not find scope information for class %s",
|
||||||
|
@ -1983,6 +1976,11 @@ static int is_decl_requires_met(link_state_t * state,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ebitmap_for_each_positive_bit(bitmap, node, j) {
|
||||||
|
struct find_perm_arg fparg;
|
||||||
|
uint32_t perm_value = j + 1;
|
||||||
|
int rc;
|
||||||
|
|
||||||
fparg.valuep = perm_value;
|
fparg.valuep = perm_value;
|
||||||
fparg.key = NULL;
|
fparg.key = NULL;
|
||||||
|
|
||||||
|
|
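Review bot: Hoisting the scope lookup in the third hunk means `id = pol->p_class_val_to_name[i]` and `hashtab_search(..., id)` now run for every index below `decl->required.class_perms_len`, including indices whose permission bitmap is empty; before, they ran only when at least one required permission bit was set. If the base policy can have a gap at such an index (a NULL class name), or if `class_perms_len` can exceed the number of classes in the base policy, the lookup would be handed a NULL or out-of-range `id`; the visible lines rule out neither case, so this should be confirmed against the code that builds the required scope. A guard placed before the lookup, such as `if (id == NULL) continue;` or an explicit bound on `i`, would keep the old tolerance for unused indices while still checking scope once per named class. As a smaller style point, the lookup could read `pol->p_classes_scope.table` now that `pol` is a const alias of `state->base`. The body of is_decl_requires_met starts and ends outside the hunks shown.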