libselinux: add unique id to sidtab entries

Reinterpret the currently unused - and always initialized to 1 - member
refcnt of the struct security_id to hold a unique number identifying
the sidtab entry.  This identifier can be used instead of the full
context string within other data structures to minimize memory usage.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>

libselinux/include/selinux/avc.h

@@ -20,7 +20,7 @@ extern "C" {
  */
 struct security_id {
 	char * ctx;
-	unsigned int refcnt;
+	unsigned int id;
 };
 typedef struct security_id *security_id_t;
 

libselinux/src/avc_sidtab.c

@@ -4,6 +4,7 @@
  * Author : Eamon Walsh, <ewalsh@epoch.ncsc.mil>
  */
 #include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -50,6 +51,11 @@ int sidtab_insert(struct sidtab *s, const char * ctx)
 	struct sidtab_node *newnode;
 	char * newctx;
 
+	if (s->nel >= UINT_MAX - 1) {
+		rc = -1;
+		goto out;
+	}
+
 	newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode));
 	if (!newnode) {
 		rc = -1;
@@ -65,9 +71,8 @@ int sidtab_insert(struct sidtab *s, const char * ctx)
 	hvalue = sidtab_hash(newctx);
 	newnode->next = s->htable[hvalue];
 	newnode->sid_s.ctx = newctx;
-	newnode->sid_s.refcnt = 1;	/* unused */
+	newnode->sid_s.id = ++s->nel;
 	s->htable[hvalue] = newnode;
-	s->nel++;
       out:
 	return rc;
 }