Use smaller struct fields to optimize memory usage and speed.
On a 32-bit machine this saves 4 bytes per rule and 4 bytes per label.
Limit label length to 8 bits. It's max value is already limited to 255.
Limit label id to 16 bits. While policy with more than 2^16 labels is
theoretically possible, it would be handled very badly by kernel.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
#define ACCESS_TYPE_L 0x20
#define DICT_HASH_SIZE 4096
+#define MAX_LABELS_CNT (UINT16_MAX + 1)
extern char *smackfs_mnt;
extern int smackfs_mnt_dirfd;
struct smack_rule {
int8_t allow_code;
int8_t deny_code;
- int subject_id;
- int object_id;
+ uint16_t subject_id;
+ uint16_t object_id;
struct smack_rule *next;
};
struct smack_label {
- int len;
- int id;
+ uint8_t len;
+ uint16_t id;
char *label;
struct smack_label *next;
};
struct smack_label *new_label;
int len;
+ if (handle->labels_cnt == MAX_LABELS_CNT)
+ return NULL;
+
len = get_label(NULL, label, &hash_value);
if (len == -1)
return NULL;