From 56e3106e934796f993decd08b3c4224d3830209a Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Sat, 10 Nov 2007 17:31:31 +0100
Subject: [PATCH] install+SELinux: reduce a 12x performance hit to ~1.5x

* src/install.c (setdefaultfilecon): Call matchpathcon_init_prefix,
to mitigate what would otherwise be a large performance hit due to
the use of matchpathcon.
Dan Walsh suggested the use of matchpathcon_init_prefix.
* gl/lib/se-selinux.in.h (matchpathcon_init_prefix): Define.

Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 ChangeLog              |  9 +++++++++
 gl/lib/se-selinux.in.h |  3 +++
 src/install.c          | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 996e1dd61e..529c770110 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2007-11-09  Jim Meyering  <meyering@redhat.com>
+
+	install+SELinux: reduce a 12x performance hit to ~1.5x
+	* src/install.c (setdefaultfilecon): Call matchpathcon_init_prefix,
+	to mitigate what would otherwise be a large performance hit due to
+	the use of matchpathcon.
+	Dan Walsh suggested the use of matchpathcon_init_prefix.
+	* gl/lib/se-selinux.in.h (matchpathcon_init_prefix): Define.
+
 2007-11-08  Jim Meyering  <meyering@redhat.com>
 
 	Adapt to gnulib's s/jm_/gl_/ cache variable renaming.
diff --git a/gl/lib/se-selinux.in.h b/gl/lib/se-selinux.in.h
index 7bfe4c5ff7..7be1e702a7 100644
--- a/gl/lib/se-selinux.in.h
+++ b/gl/lib/se-selinux.in.h
@@ -51,4 +51,7 @@ static inline int security_compute_create (security_context_t scon,
 					   security_class_t tclass,
 					   security_context_t *newcon)
   { errno = ENOTSUP; return -1; }
+static inline int matchpathcon_init_prefix (char const *path,
+					    char const *prefix)
+  { errno = ENOTSUP; return -1; }
 #endif
diff --git a/src/install.c b/src/install.c
index 34f61ffba3..216715f5ce 100644
--- a/src/install.c
+++ b/src/install.c
@@ -213,6 +213,38 @@ setdefaultfilecon (char const *file)
   if (lstat (file, &st) != 0)
     return;
 
+  if (IS_ABSOLUTE_FILE_NAME (file))
+    {
+      /* Calling matchpathcon_init_prefix (NULL, "/first_component/")
+	 is an optimization to minimize the expense of the following
+	 matchpathcon call.  */
+      char const *p0;
+      char const *p = file + 1;
+      while (ISSLASH (*p))
+	++p;
+
+      /* Record final leading slash, for when FILE starts with two or more.  */
+      p0 = p - 1;
+
+      if (*p)
+	{
+	  char *prefix;
+	  do
+	    {
+	      ++p;
+	    }
+	  while (*p && !ISSLASH (*p));
+
+	  prefix = malloc (p - p0 + 2);
+	  if (prefix)
+	    {
+	      stpcpy (stpncpy (prefix, p0, p - p0), "/");
+	      matchpathcon_init_prefix (NULL, prefix);
+	      free (prefix);
+	    }
+	}
+    }
+
   /* If there's an error determining the context, or it has none,
      return to allow default context */
   if ((matchpathcon (file, st.st_mode, &scontext) != 0) ||
-- 
2.47.2