5007728980
Always hashing the string representation is inefficient. Just hash the contents of the structure directly (using jhash). If the context is invalid (str & len are set), then hash the string as before, otherwise hash the structured data. Since the context hashing function is now faster (about 10 times), this patch decreases the overhead of security_transition_sid(), which is called from many hooks. The jhash function seemed as a good choice, since it is used as the default hashing algorithm in rhashtable. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Jeff Vander Stoep <jeffv@google.com> Tested-by: Jeff Vander Stoep <jeffv@google.com> [PM: fixed some spelling errors in the comments pointed out by JVS] Signed-off-by: Paul Moore <paul@paul-moore.com>
29 lines
954 B
Makefile
29 lines
954 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for building the SELinux module as part of the kernel tree.
|
|
#
|
|
|
|
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
|
|
|
|
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
|
|
netnode.o netport.o status.o \
|
|
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
|
|
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/context.o
|
|
|
|
selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
|
|
|
|
selinux-$(CONFIG_NETLABEL) += netlabel.o
|
|
|
|
selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
|
|
|
|
ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
|
|
|
|
$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
|
|
|
|
quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
|
|
cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
|
|
|
|
targets += flask.h av_permissions.h
|
|
$(obj)/flask.h: $(src)/include/classmap.h FORCE
|
|
$(call if_changed,flask)
|