libsepol: move unchanged data out of loop

Perform the lookup whether the class is in the current scope once, and not for every permission. This also ensures the class is checked to be in the current scope if there are no permissions attached. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
SELinuxProject · Jun 13, 2024 · 52e5c30 · 52e5c30
1 parent a3332e5
commit 52e5c30
Showing 1 changed file with 18 additions and 20 deletions.
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
@@ -1925,17 +1925,17 @@ static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *varg)
  * Note that if a declaration had no requirement at all (e.g., an ELSE
  * block) this returns 1. */
 static int is_decl_requires_met(link_state_t * state,
-				avrule_decl_t * decl,
+				const avrule_decl_t * decl,
 				struct missing_requirement *req)
 {
 	/* (This algorithm is very unoptimized.  It performs many
 	 * redundant checks.  A very obvious improvement is to cache
 	 * which symbols have been verified, so that they do not need
 	 * to be re-checked.) */
 	unsigned int i, j;
-	ebitmap_t *bitmap;
-	char *id, *perm_id;
-	policydb_t *pol = state->base;
+	const ebitmap_t *bitmap;
+	const char *id, *perm_id;
+	const policydb_t *pol = state->base;
 	ebitmap_node_t *node;
 
 	/* check that all symbols have been satisfied */
@@ -1961,27 +1961,25 @@ static int is_decl_requires_met(link_state_t * state,
 	}
 	/* check that all classes and permissions have been satisfied */
 	for (i = 0; i < decl->required.class_perms_len; i++) {
+		const class_datum_t *cladatum = pol->class_val_to_struct[i];
+		const scope_datum_t *scope;
+
+		bitmap = &decl->required.class_perms_map[i];
+		id = pol->p_class_val_to_name[i];
+
+
+		scope = hashtab_search(state->base->p_classes_scope.table, id);
+		if (scope == NULL) {
+			ERR(state->handle,
+				"Could not find scope information for class %s",
+				id);
+			return -1;
+		}
 
-		bitmap = decl->required.class_perms_map + i;
 		ebitmap_for_each_positive_bit(bitmap, node, j) {
 			struct find_perm_arg fparg;
-			class_datum_t *cladatum;
 			uint32_t perm_value = j + 1;
 			int rc;
-			scope_datum_t *scope;
-
-			id = pol->p_class_val_to_name[i];
-			cladatum = pol->class_val_to_struct[i];
-
-			scope =
-			    hashtab_search(state->base->p_classes_scope.table,
-					   id);
-			if (scope == NULL) {
-				ERR(state->handle,
-				    "Could not find scope information for class %s",
-				    id);
-				return -1;
-			}
 
 			fparg.valuep = perm_value;
 			fparg.key = NULL;