selinux: hash context structure directly (50077289) · Commits · 戴 / test

security/selinux/Makefile

+1 −1

Original line number	Diff line number	Diff line
		@@ -8,7 +8,7 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
		selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
		netnode.o netport.o status.o \
		ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
		ss/policydb.o ss/services.o ss/conditional.o ss/mls.o
		ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/context.o

		selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o

0 → 100644

+32 −0

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0
		/*
		* Implementations of the security context functions.
		*
		* Author: Ondrej Mosnacek <omosnacek@gmail.com>
		* Copyright (C) 2020 Red Hat, Inc.
		*/

		#include <linux/jhash.h>

		#include "context.h"
		#include "mls.h"

		u32 context_compute_hash(const struct context *c)
		{
		u32 hash = 0;

		/*
		* If a context is invalid, it will always be represented by a
		* context struct with only the len & str set (and vice versa)
		* under a given policy. Since context structs from different
		* policies should never meet, it is safe to hash valid and
		* invalid contexts differently. The context_cmp() function
		* already operates under the same assumption.
		*/
		if (c->len)
		return full_name_hash(NULL, c->str, c->len);

		hash = jhash_3words(c->user, c->role, c->type, hash);
		hash = mls_range_hash(&c->range, hash);
		return hash;
		}

+4 −2

Original line number	Diff line number	Diff line
		@@ -196,9 +196,11 @@ static inline int context_cmp(struct context c1, struct context c2)
		mls_context_cmp(c1, c2));
		}

		static inline unsigned int context_compute_hash(const char *s)
		u32 context_compute_hash(const struct context *c);

		static inline void context_add_hash(struct context *context)
		{
		return full_name_hash(NULL, s, strlen(s));
		context->hash = context_compute_hash(context);
		}

		#endif /* _SS_CONTEXT_H_ */

+14 −0

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@
		#include <linux/kernel.h>
		#include <linux/slab.h>
		#include <linux/errno.h>
		#include <linux/jhash.h>
		#include <net/netlabel.h>
		#include "ebitmap.h"
		#include "policydb.h"
		@@ -542,6 +543,19 @@ int ebitmap_write(struct ebitmap e, void fp)
		return 0;
		}

		u32 ebitmap_hash(const struct ebitmap *e, u32 hash)
		{
		struct ebitmap_node *node;

		/* need to change hash even if ebitmap is empty */
		hash = jhash_1word(e->highbit, hash);
		for (node = e->node; node; node = node->next) {
		hash = jhash_1word(node->startbit, hash);
		hash = jhash(node->maps, sizeof(node->maps), hash);
		}
		return hash;
		}

		void __init ebitmap_cache_init(void)
		{
		ebitmap_node_cachep = kmem_cache_create("ebitmap_node",

+1 −0

Original line number	Diff line number	Diff line
		@@ -131,6 +131,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value);
		void ebitmap_destroy(struct ebitmap *e);
		int ebitmap_read(struct ebitmap e, void fp);
		int ebitmap_write(struct ebitmap e, void fp);
		u32 ebitmap_hash(const struct ebitmap *e, u32 hash);

		#ifdef CONFIG_NETLABEL
		int ebitmap_netlbl_export(struct ebitmap *ebmap,