[PATCH 2/6] selinux: dump statistics for more hash tables

From: Christian Göttsche
Date: Fri Aug 18 2023 - 11:13:37 EST


Dump in the SELinux debug configuration the statistics for the
conditional rules avtab, the role transition, and class and common
permission hash tables.

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
security/selinux/ss/conditional.c | 3 +++
security/selinux/ss/policydb.c | 6 ++++++
2 files changed, 9 insertions(+)

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 81ff676f209a..0dd17fe76286 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -171,6 +171,9 @@ int cond_init_bool_indexes(struct policydb *p)
GFP_KERNEL);
if (!p->bool_val_to_struct)
return -ENOMEM;
+
+ avtab_hash_eval(&p->te_cond_avtab, "conditional_rules");
+
return 0;
}

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 84f02d4f8093..932e383bcad6 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1158,6 +1158,8 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp)
goto bad;
}

+ hash_eval(&comdatum->permissions.table, "common_permissions");
+
rc = symtab_insert(s, key, comdatum);
if (rc)
goto bad;
@@ -1339,6 +1341,8 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp)
goto bad;
}

+ hash_eval(&cladatum->permissions.table, "class_permissions");
+
rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
if (rc)
goto bad;
@@ -2616,6 +2620,8 @@ int policydb_read(struct policydb *p, void *fp)
rtd = NULL;
}

+ hash_eval(&p->role_tr, "roletr");
+
rc = next_entry(buf, fp, sizeof(u32));
if (rc)
goto bad;
--
2.40.1