From e5fd7b078fb8eb0b15eb5beaccd0e6a07ec26758 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= 
Date: Tue, 5 Nov 2024 19:33:14 +0100
Subject: [PATCH] libselinux: add unique id to sidtab entries
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reinterpret the currently unused - and always initialized to 1 - member refcnt of the struct security_id to hold a unique number identifying the sidtab entry. This identifier can be used instead of the full context string within other data structures to minimize memory usage.

Signed-off-by: Christian Göttsche 
Acked-by: James Carter 
---
 libselinux/include/selinux/avc.h | 2 +-
 libselinux/src/avc_sidtab.c | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h
index 1f79ba16..c007b973 100644
--- a/libselinux/include/selinux/avc.h
+++ b/libselinux/include/selinux/avc.h
@@ -20,7 +20,7 @@ extern "C" {
  */
 struct security_id {
 	char * ctx;
-	unsigned int refcnt;
+	unsigned int id;
 };
 typedef struct security_id *security_id_t;
 
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
index fce5bddf..9475dcb0 100644
--- a/libselinux/src/avc_sidtab.c
+++ b/libselinux/src/avc_sidtab.c
@@ -4,6 +4,7 @@
  * Author : Eamon Walsh, 
  */
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -50,6 +51,11 @@ int sidtab_insert(struct sidtab *s, const char * ctx)
 	struct sidtab_node *newnode;
 	char * newctx;
 
+	if (s->nel >= UINT_MAX - 1) {
+		rc = -1;
+		goto out;
+	}
+
 	newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode));
 	if (!newnode) {
 		rc = -1;
@@ -65,9 +71,8 @@ int sidtab_insert(struct sidtab *s, const char * ctx)
 	hvalue = sidtab_hash(newctx);
 	newnode->next = s->htable[hvalue];
 	newnode->sid_s.ctx = newctx;
-	newnode->sid_s.refcnt = 1; /* unused */
+	newnode->sid_s.id = ++s->nel;
 	s->htable[hvalue] = newnode;
-	s->nel++;
 out:
 	return rc;
 }
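Review bot: The renamed member of `struct security_id` lives in the installed public header, yet the hunk gives it no comment, so a reader cannot tell what `id` holds or whether zero can ever be a valid value. From the avc_sidtab.c hunk the value is assigned as `++s->nel`, so it appears to be a per-table sequence starting at 1; the declaration should say so, e.g. `unsigned int id; /* unique, non-zero id of this entry within its sidtab */`. Because the type and size are unchanged the ABI is preserved, but any external code that named `refcnt` stops compiling, which the commit message could state explicitly.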
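Review bot: The guard `if (s->nel >= UINT_MAX - 1)` rejects one more value than overflow of `++s->nel` would require, and nothing in the hunk explains why `UINT_MAX` itself is excluded; presumably it is being reserved as a never-valid id, but that intent is invisible to the next maintainer. A one-line comment above the check, e.g. `/* ids are handed out as ++nel; keep UINT_MAX free as a never-valid id */`, would pin it down, assuming that is the reason. The new path sets only `rc = -1` with no `errno`, which may differ from the allocation-failure path right below it if avc_malloc reports ENOMEM — worth confirming how callers report the failure. sidtab_insert begins before this hunk.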
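Review bot: `newnode->sid_s.id = ++s->nel;` makes the entry count double as the id allocator, so uniqueness of ids now depends on `nel` never being decremented or reset while entries are still referenced, and nothing in the hunk records that invariant. A comment at the assignment, e.g. `/* nel doubles as the id counter: ids stay unique only while nel is never decremented */`, would protect it against a future removal or reset path. The id is assigned before the node is linked into `s->htable`, so no reachable entry ever carries id 0; that ordering is worth keeping as is. The function sidtab_insert starts outside this hunk.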